Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1505536
MD5: df302225c2ef4a150c48fa19bfa69ef1
SHA1: af90c0b4960217bc9d1b346edc7f98d583b1102a
SHA256: 784144d395ecab1d04ffaede56760329604f7989a258f3e75b3edc50d1400a47
Tags: exe

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 5572 cmdline: "C:\Users\user\Desktop\file.exe" MD5: DF302225C2EF4A150C48FA19BFA69EF1)
    • msedge.exe (PID: 7152 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 7192 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2068,i,5020802351370536998,15262219808379348083,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 6196 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 1476 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 2820 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8872 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2248 -parentBuildID 20230927232528 -prefsHandle 2192 -prefMapHandle 2184 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13c17ad6-1eb2-4955-9856-7bf69971fb7d} 2820 "\\.\pipe\gecko-crash-server-pipe.2820" 20d57b6e510 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 9300 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4576 -parentBuildID 20230927232528 -prefsHandle 4568 -prefMapHandle 4564 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee4f6238-5873-40cd-9a85-d99669e8d9c0} 2820 "\\.\pipe\gecko-crash-server-pipe.2820" 20d6a8f4a10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 7208 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7684 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2972 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8968 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6968 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8988 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7156 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7224 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7492 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7312 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7388 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9020 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7372 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 9616 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=8232 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exeReversingLabs: Detection: 26%
Source: file.exeVirustotal: Detection: 30%
Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
Source: file.exeJoe Sandbox ML: detected
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49737 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49746 version: TLS 1.2
Source: unknownHTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.5:49767 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49774 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49776 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49779 version: TLS 1.2
Source: unknownHTTPS traffic detected: 3.164.68.56:443 -> 192.168.2.5:49777 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49782 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49781 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49783 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.85.23.86:443 -> 192.168.2.5:49955 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49959 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49958 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49960 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49961 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49962 version: TLS 1.2
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000006.00000003.2512673438.0000020D68673000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000006.00000003.2512673438.0000020D68673000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B5DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00B5DBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B2C2A2 FindFirstFileExW,0_2_00B2C2A2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B668EE FindFirstFileW,FindClose,0_2_00B668EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B6698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00B6698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B5D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00B5D076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B5D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00B5D3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B69642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00B69642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B6979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00B6979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B69B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00B69B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B65C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00B65C97
Source: global trafficTCP traffic: 192.168.2.5:49953 -> 162.159.36.2:53
Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox ViewIP Address: 23.55.235.170 23.55.235.170
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.72.110
Source: unknownTCP traffic detected without corresponding DNS query: 152.195.19.97
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.80.46
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B6CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_00B6CE44
Source: global trafficHTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=995099751&timestamp=1725618730266 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726223527&P2=404&P3=2&P4=Pi3s95lI%2fu3EpbG1ZNe4TvAMJSTBKzS3ImeC0FCQ%2fzy6laI1jD%2fACF67Kv3wBH3v2jTLAeraXOfxeTZ21HxHyw%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: bS7S89lTRdsEUnldXvNCAnSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kRd+8N8XNlUL4Xo&MD=U1Kl3m5H HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kRd+8N8XNlUL4Xo&MD=U1Kl3m5H HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2325647251.0000020D65F35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2325647251.0000020D65F35000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.twitter.com (Twitter)
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: "default.sites": "https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/", equals www.youtube.com (Youtube)
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.dr String found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: 000003.log7.8.dr String found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log7.8.dr String found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log7.8.dr String found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E03000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: *://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000006.00000003.2208563901.0000020D683AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2509910113.0000020D683AE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2799226010.0000020D683AE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: global traffic DNS traffic detected: DNS query: bzib.nelreports.net
Source: global traffic DNS traffic detected: DNS query: clients2.googleusercontent.com
Source: global traffic DNS traffic detected: DNS query: chrome.cloudflare-dns.com
Source: global traffic DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: detectportal.firefox.com
Source: global traffic DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: example.org
Source: global traffic DNS traffic detected: DNS query: ipv4only.arpa
Source: global traffic DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
Source: global traffic DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
Source: global traffic DNS traffic detected: DNS query: services.addons.mozilla.org
Source: global traffic DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
Source: unknown HTTP traffic detected: POST /dns-query HTTP/1.1
  Host: chrome.cloudflare-dns.com
  Connection: keep-alive
  Content-Length: 128
  Accept: application/dns-message
  Accept-Language: *
  User-Agent: Chrome
  Accept-Encoding: identity
  Content-Type: application/dns-message
Source: firefox.exe, 00000006.00000003.2260923341.0000020D68685000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmp String found in binary or memory: http://127.0.0.1:
Source: firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2511352884.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 00000006.00000003.2322754486.0000020D682E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: firefox.exe, 00000006.00000003.2322754486.0000020D682E3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2511352884.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: firefox.exe, 00000006.00000003.2518201071.0000020D66AB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2934816906.0000020D686DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2519424939.0000020D65F25000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org
Source: firefox.exe, 00000006.00000003.2510368608.0000020D66ABA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/
Source: firefox.exe, 00000006.00000003.2512557733.0000020D68A2D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-aarch64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zi
Source: firefox.exe, 00000006.00000003.2512557733.0000020D68A2D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-arm-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000006.00000003.2512557733.0000020D68A2D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000006.00000003.2512557733.0000020D68A2D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-android-x86_64-42954cf0fe8a2bdc97fdc180462a3eaefceb035f.zip
Source: firefox.exe, 00000006.00000003.2512557733.0000020D68A2D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-linux32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.2512557733.0000020D68A2D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-linux64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.2512557733.0000020D68A2D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2.zip
Source: firefox.exe, 00000006.00000003.2512557733.0000020D68A2D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-macosx64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521-2
Source: firefox.exe, 00000006.00000003.2512557733.0000020D68A2D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-win32-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.2510368608.0000020D66ABA000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.2512557733.0000020D68A2D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.org/openh264-win64-aarch64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip
Source: firefox.exe, 00000006.00000003.2516341867.0000020D686DE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2512673438.0000020D686DE000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ciscobinary.openh264.orgP
Source: firefox.exe, 00000006.00000002.3344652609.0000020D6487D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%s
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%sisDownloadsImprovementsAlreadyMigrated
Source: firefox.exe, 00000006.00000003.2482761555.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2280962389.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2792287680.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
Source: firefox.exe, 00000006.00000003.2322754486.0000020D682E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: firefox.exe, 00000006.00000003.2518853011.0000020D65FD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2511352884.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2511352884.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: firefox.exe, 00000006.00000003.2322754486.0000020D682E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: firefox.exe, 00000006.00000003.2322754486.0000020D682E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2511352884.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2511352884.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: firefox.exe, 00000006.00000003.2322754486.0000020D682E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2511352884.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: firefox.exe, 00000006.00000003.2322754486.0000020D682E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: firefox.exe, 00000006.00000003.2555373983.0000020D65F82000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2519692422.0000020D65F19000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com
Source: firefox.exe, 00000006.00000003.2261868179.0000020D6836C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/
Source: firefox.exe, 00000006.00000003.2210447687.0000020D6AF1C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2510428190.0000020D66AA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2792287680.0000020D65F9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/canonical.html
Source: firefox.exe, 00000006.00000003.2792287680.0000020D65F9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
Source: firefox.exe, 00000006.00000003.2555726974.0000020D65F16000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2510428190.0000020D66AA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
Source: firefox.exe, 00000006.00000003.2514435260.0000020D6B99B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2211892757.0000020D6A452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
Source: firefox.exe, 00000006.00000003.2514435260.0000020D6B99B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2211892757.0000020D6A452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
Source: firefox.exe, 00000006.00000003.2819237168.0000020D6428A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3342634452.0000020D6428C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2556758269.0000020D6428A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2327037898.0000020D64292000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2978860813.0000020D6428C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/common
Source: firefox.exe, 00000006.00000003.2979406321.0000020D64281000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2327330749.0000020D64281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/dates-and-times0
Source: firefox.exe, 00000006.00000003.2819237168.0000020D6428A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3342634452.0000020D6428C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2556758269.0000020D6428A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2327037898.0000020D64292000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2978860813.0000020D6428C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/math
Source: firefox.exe, 00000006.00000003.2979406321.0000020D64281000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2327330749.0000020D64281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/regular-expressions
Source: firefox.exe, 00000006.00000003.2819237168.0000020D6428A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3342634452.0000020D6428C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2556758269.0000020D6428A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2327037898.0000020D64292000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2978860813.0000020D6428C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/sets
Source: firefox.exe, 00000006.00000002.3339261797.0000020D57B03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://exslt.org/strings
Source: firefox.exe, 00000006.00000003.2521356596.0000020D697BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2268804395.0000020D697EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2210447687.0000020D6AF50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2278005993.0000020D6855E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2210447687.0000020D6AF71000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2923306006.0000020D697E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2268355635.0000020D697FA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2201192700.0000020D6AFE1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2924315824.0000020D690B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2517109832.0000020D6855E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2509624422.0000020D6A856000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2275090948.0000020D6B949000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2977581333.0000020D68E75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2184963534.0000020D697ED000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2816422046.0000020D68E75000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2512557733.0000020D68A2D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2212483815.0000020D6855E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2277329793.0000020D6AA98000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2184963534.0000020D697D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000006.00000003.2260014346.0000020D6A856000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2924412152.0000020D661FB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org/MPL/2.0/.
Source: firefox.exe, 00000006.00000003.2322754486.0000020D682E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
Source: firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2511352884.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2511352884.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ocsp.digicert.com0N
Source: firefox.exe, 00000006.00000003.2322754486.0000020D682E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: firefox.exe, 00000006.00000003.2518853011.0000020D65FD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2511352884.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ocsp.thawte.com0
Source: firefox.exe, 00000006.00000002.3344652609.0000020D6487D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%s
Source: firefox.exe, 00000006.00000003.2482761555.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2280962389.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2792287680.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
Source: firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2511352884.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2511352884.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2511352884.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: firefox.exe, 00000006.00000002.3344652609.0000020D6487D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000006.00000003.2482761555.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2280962389.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2792287680.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%s
Source: firefox.exe, 00000006.00000003.2482761555.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2280962389.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2792287680.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
Source: firefox.exe, 00000006.00000003.2518853011.0000020D65FD9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2511352884.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.drString found in binary or memory: http://www.mozilla.com0
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/2005/app-update
Source: firefox.exe, 00000006.00000003.2261493519.0000020D6855E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2277471922.0000020D6A8B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2816373995.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2325594185.0000020D65F77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2792107683.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3347250129.0000020D64E99000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2212770115.0000020D6824D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2281138918.0000020D65F68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2212770115.0000020D68288000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2212035888.0000020D699B9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2511352884.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F68000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2260765454.0000020D69891000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul5
Source: firefox.exe, 00000006.00000003.2509784210.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2277597395.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2816373995.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2792107683.0000020D69855000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2511352884.0000020D69855000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul8
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul:scope
Source: firefox.exe, 00000006.00000003.2260203264.0000020D6A843000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulGkj
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulNot
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E45000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulObserver
Source: firefox.exe, 00000006.00000003.2206927257.0000020D6A8AD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2259779201.0000020D6A8B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2277471922.0000020D6A8B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulX
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64EB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulhttp://www.mozilla.org/keymaster/gateke
Source: firefox.exe, 00000006.00000003.2322754486.0000020D682E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.c.lencr.org/0
Source: firefox.exe, 00000006.00000003.2322754486.0000020D682E3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://x1.i.lencr.org/0
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
Source: firefox.exe, 00000006.00000003.2158104161.0000020D6886B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2158250769.0000020D68883000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2157794463.0000020D68836000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2157630457.0000020D6881C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2157928283.0000020D68850000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2157501525.0000020D68600000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.duckduckgo.com/ac/
Source: firefox.exe, 00000006.00000003.2274256644.0000020D6B966000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.bellmedia.c
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://accounts.firefox.com/settings/clients
Source: firefox.exe, 00000006.00000003.2259779201.0000020D6A8C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2277384653.0000020D6A8C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2206927257.0000020D6A8C5000.00000004.00000800.00020000.00000000.sdmp, Session_13370092325805013.8.drString found in binary or memory: https://accounts.google.com
Source: MediaDeviceSalts.8.dr, Session_13370092325805013.8.dr, 000003.log2.8.drString found in binary or memory: https://accounts.google.com/
Source: MediaDeviceSalts.8.drString found in binary or memory: https://accounts.google.com//
Source: Favicons.8.dr, History.8.drString found in binary or memory: https://accounts.google.com/InteractiveLogin?continue=https://accounts.google.com/v3/signin/challeng
Source: firefox.exe, 0000000D.00000002.3330356220.000002696E1CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/Service
Source: firefox.exe, 00000013.00000002.3333267008.0000027574ED0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.goog
Source: firefox.exe, 0000000D.00000002.3331395554.000002696E2B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.googj
Source: Favicons.8.dr, History.8.dr, Session_13370092325805013.8.drString found in binary or memory: https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.co
Source: Favicons.8.drString found in binary or memory: https://accounts.google.com/favicon.ico
Source: firefox.exe, 0000000D.00000002.3330356220.000002696E1CA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/p
Source: file.exe, 00000000.00000003.2086152667.0000000001440000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094253410.0000000001440000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000003.2089259536.000002DB9EFED000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000002.00000002.2094235910.000002DB9EFF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: firefox.exe, 00000006.00000003.2146198702.0000020D59E8E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_STRINGS
Source: file.exe, 00000000.00000003.2086152667.0000000001440000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094253410.0000000001440000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdt
Source: file.exe, 00000000.00000003.2086152667.0000000001440000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2094253410.0000000001440000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdww
Source: file.exe, 00000000.00000002.2094253410.000000000145C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086152667.000000000145C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwdx
Source: Favicons.8.dr, History.8.dr, Session_13370092325805013.8.dr, WebAssistDatabase.8.drString found in binary or memory: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Faccounts.google.com%2Fv3%2Fs
Source: firefox.exe, 00000006.00000003.2280889135.0000020D66AA2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2327456972.0000020D64253000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000006.00000003.2212000744.0000020D6A416000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2511648981.0000020D6A416000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/remote/Security.html
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/records
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.allizom.org/v1/buckets/main/collections/search-config/recordshandl
Source: firefox.exe, 00000006.00000003.2519424939.0000020D65F25000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2819237168.0000020D64286000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
Source: firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64EE7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/reco
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/recordsGetti
Source: firefox.exe, 00000006.00000003.2792287680.0000020D65F9E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/monitor/collections/changes/changeset?_expe
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1_migrateHashedKeysForXULStoreForDocument/
Source: 4b4a2798-5334-484b-84f3-740442092590.tmp.9.dr, 92965b00-7080-49d1-ba3c-9e5f8a66963b.tmp.9.drString found in binary or memory: https://fonts.gstatic.com
Source: firefox.exe, 00000006.00000003.2280889135.0000020D66AA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
Source: firefox.exe, 00000006.00000002.3343349251.0000020D643A2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fpn.firefox.comnsChannelClassifierLeak
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://gaana.com/
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
Source: firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
Source: firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=40249-e88c401e1b1f2242d9e4
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
Source: firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore?utm_source=pocket-newtab
Source: firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/firefox/new_tab_learn_more
Source: firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/recommendations
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2157630457.0000020D6881C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2157928283.0000020D68850000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2157501525.0000020D68600000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshots
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla-services/screenshotshttps://screenshots.firefox.com/
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mozilla/webcompat-reporter
Source: firefox.exe, 00000006.00000003.2206927257.0000020D6A8C5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com
Source: firefox.exe, 00000006.00000003.2738661516.000017770DF80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.comC
Source: firefox.exe, 00000006.00000003.2738661516.000017770DF80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.comI
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://helper1.dap.cloudflareresearch.com/v02
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3339261797.0000020D57B0E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hg.mozilla.org/releases/mozilla-release/rev/68e4c357d26c5a1f075a1ec0c696d4fe684ed881Use
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://i.y.qq.com/n2/m/index.html
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://ideas.mozilla.org/
Source: firefox.exe, 00000013.00000002.3331063324.0000027574DB7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drString found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: firefox.exe, 00000006.00000003.2792287680.0000020D65F9E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://incoming.telemetry.mozilla.org/submit
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://install.mozilla.org
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://latest.web.skype.com/?browsername=edge_canary_shoreline
Source: firefox.exe, 00000006.00000003.2261868179.0000020D6836C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com
Source: firefox.exe, 00000006.00000003.2555373983.0000020D65F82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=%MOZILLA_API_KEY%
Source: firefox.exe, 00000006.00000003.2792287680.0000020D65F9E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://location.services.mozilla.com/v1/country?key=7e40f68c-7938-4c5d-9f95-e61647c213eb
Source: firefox.exe, 00000006.00000003.2274256644.0000020D6B966000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2934204096.0000247239A03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
Source: firefox.exe, 00000006.00000003.2934204096.0000247239A03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.comZ
Source: firefox.exe, 00000006.00000003.2274256644.0000020D6B966000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://m.kugou.com/
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://m.soundcloud.com/
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://m.vk.com/
Source: firefox.exe, 00000006.00000003.2482699380.0000020D65FD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2932806979.0000020D6617F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2280962389.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2792287680.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2270637857.0000020D6617D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3351771859.0000020D6617F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2924412152.0000020D6617F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%s
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%sRestartOnLastWindowClosed.#onRestartTimerExpire
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.google.com/mail/?extsrc=mailto&url=%shttps://email.seznam.cz/newMessageScreen?mailto=%s
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://mail.google.com/mail/mu/mp/266/#tl/Inbox
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2270637857.0000020D6617D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3351771859.0000020D6617F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2924412152.0000020D6617F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%s
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%sget
Source: firefox.exe, 00000006.00000003.2482761555.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2280962389.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2792287680.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.inbox.lv/compose?to=%sv
Source: firefox.exe, 00000006.00000003.2482699380.0000020D65FD0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2932806979.0000020D6617F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2280962389.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3344652609.0000020D6487D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2792287680.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2270637857.0000020D6617D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3351771859.0000020D6617F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2924412152.0000020D6617F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%s
Source: firefox.exe, 00000006.00000003.2482761555.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2280962389.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2792287680.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mail.yahoo.co.jp/compose/?To=%st
Source: firefox.exe, 0000000D.00000002.3332312726.000002696E572000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3331063324.0000027574D90000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://merino.services.mozilla.com/api/v1/suggest
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mitmdetection.services.mozilla.com/
Source: firefox.exe, 00000006.00000003.2818019130.0000020D64DAE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2327456972.0000020D64253000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protections
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/about
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/breach-details/
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/breach-stats?includeResolved=true
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/dashboard
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://monitor.firefox.com/user/preferences
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla-ohttp-fakespot.fastly-edge.com/
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://mozilla.cloudflare-dns.com/dns-query
Source: firefox.exe, 00000006.00000002.3336263856.000001A73C4B3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mozilla.org/
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://music.amazon.com
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://music.apple.com
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://music.yandex.com
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mzl.la/3NS9KJd
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/searchq=
Source: 4b4a2798-5334-484b-84f3-740442092590.tmp.9.dr, 92965b00-7080-49d1-ba3c-9e5f8a66963b.tmp.9.drString found in binary or memory: https://www.googleapis.com
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.iheart.com/podcast/
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.instagram.com
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.last.fm/
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.messenger.com
Source: firefox.exe, 00000006.00000003.2483117847.0000020D64D3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3331105929.0000005C185FC000.00000004.00000010.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3343349251.0000020D6437F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
Source: firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/android/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/ios/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campa
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#crash-reporter
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/legal/privacy/firefox.html#health-report
Source: firefox.exe, 00000013.00000002.3331063324.0000027574DB7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/#suggest-relevant-content
Source: firefox.exe, 00000006.00000002.3342360238.0000020D6425F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2327330749.0000020D6425F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox//K:d
Source: firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_c
Source: firefox.exe, 00000006.00000002.3331105929.0000005C185FC000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.orgo
Source: firefox.exe, 00000006.00000003.2934204096.0000247239A03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2281084964.0000020D65F92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&game
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/cgSideBar/widget?experiences=CasualGamesHub&sharedHeader=1&item
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&item=fl
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.msn.com/widgets/fullpage/gaming/widget?experiences=CasualGamesHub&sharedHeader=1&playInS
Source: firefox.exe, 00000006.00000003.2934204096.0000247239A03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.comZ
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.office.com
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.officeplus.cn/?sid=shoreline&endpoint=OPPC&source=OPCNshoreline
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=1
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotes?isEdgeHub=true&auth=2
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=1
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.onenote.com/stickynotesstaging?isEdgeHub=true&auth=2
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64EBA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2326866131.0000020D643D9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2818783983.0000020D643C6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org/plugins-widevine-descriptionensureProperCDMInstallStateget
Source: firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.reddit.com/
Source: firefox.exe, 00000006.00000003.2934204096.0000247239A03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tsn.ca
Source: firefox.exe, 00000006.00000003.2934204096.0000247239A03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.tsn.caZ
Source: firefox.exe, 00000006.00000002.3347250129.0000020D64E03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.widevine.com/
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://www.youtube.com
Source: firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
Source: firefox.exe, 00000006.00000003.2514435260.0000020D6B99B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2211892757.0000020D6A452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://xhr.spec.whatwg.org/#sync-warning
Source: d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drString found in binary or memory: https://y.music.163.com/m/
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,0_2_00B6EAFF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_00B6ED6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B5AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,0_2_00B5AA57
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B89576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_00B89576

System Summary

Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_a3a3f09f-8
Source: file.exe, 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_0fc6e7a4-3
Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script. memstr_660af650-9
Source: file.exeString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_4895a0eb-f
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 19_2_00000275752D26F7 NtQuerySystemInformation,19_2_00000275752D26F7
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 19_2_0000027575404632 NtQuerySystemInformation,19_2_0000027575404632
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B5D5EB: CreateFileW,DeviceIoControl,CloseHandle,0_2_00B5D5EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B51201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00B51201
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B5E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,0_2_00B5E8F6
Source: C:\Users\user\Desktop\file.exeCode function: String function: 00B0F9F2 appears 40 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 00B10A30 appears 46 times
Source: C:\Users\user\Desktop\file.exeCode function: String function: 00AF9CB3 appears 31 times
Source: file.exe, 00000000.00000002.2094253410.000000000145C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs file.exe
Source: file.exe, 00000000.00000003.2086152667.000000000145C000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs file.exe
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engineClassification label: mal64.evad.winEXE@71/277@29/22
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B637B5 GetLastError,FormatMessageW,0_2_00B637B5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B510BF AdjustTokenPrivileges,CloseHandle,0_2_00B510BF
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B516C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_00B516C3
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B651CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_00B651CD
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B5D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification,0_2_00B5D4DC
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B6648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize,0_2_00B6648E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00AF42A2
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeFile created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\e497eb2d-6417-47c4-ab91-624b1194566c.tmp
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Local\Temp\firefox
Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exeReversingLabs: Detection: 26%
Source: file.exeVirustotal: Detection: 30%
Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknownProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2068,i,5020802351370536998,15262219808379348083,262144 /prefetch:3
Source: unknownProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2972 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2248 -parentBuildID 20230927232528 -prefsHandle 2192 -prefMapHandle 2184 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13c17ad6-1eb2-4955-9856-7bf69971fb7d} 2820 "\\.\pipe\gecko-crash-server-pipe.2820" 20d57b6e510 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6968 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7156 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7492 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7388 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7372 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4576 -parentBuildID 20230927232528 -prefsHandle 4568 -prefMapHandle 4564 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee4f6238-5873-40cd-9a85-d99669e8d9c0} 2820 "\\.\pipe\gecko-crash-server-pipe.2820" 20d6a8f4a10 rdd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=8232 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknown
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknown
Source: C:\Users\user\Desktop\file.exeSection loaded: wsock32.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: version.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: edputil.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: appresolver.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: slc.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: sppc.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: pcacli.dll
Source: C:\Users\user\Desktop\file.exeSection loaded: sfc_os.dll
Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: firefox.exe, 00000006.00000003.2512673438.0000020D68673000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: firefox.exe, 00000006.00000003.2512673438.0000020D68673000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2522370750.0000020D69200000.00000004.00000800.00020000.00000000.sdmp, gmpopenh264.dll.tmp.6.dr
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00AF42DE
Source: gmpopenh264.dll.tmp.6.drStatic PE information: section name: .rodata
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B10A76 push ecx; ret 0_2_00B10A89
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Source: C:\Program Files\Mozilla Firefox\firefox.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B0F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00B0F98E
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B81C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00B81C41
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-96869
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 19_2_00000275752D26F7 rdtsc 19_2_00000275752D26F7
Source: C:\Users\user\Desktop\file.exeAPI coverage: 3.2 %
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B5DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00B5DBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B2C2A2 FindFirstFileExW,0_2_00B2C2A2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B668EE FindFirstFileW,FindClose,0_2_00B668EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B6698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00B6698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B5D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00B5D076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B5D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00B5D3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B69642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00B69642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B6979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00B6979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B69B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00B69B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B65C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00B65C97
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00AF42DE
Source: Web Data.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: Web Data.8.drBinary or memory string: discord.comVMware20,11696428655f
Source: Web Data.8.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: Web Data.8.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: firefox.exe, 00000013.00000002.3334294613.0000027575300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllO
Source: Web Data.8.drBinary or memory string: global block list test formVMware20,11696428655
Source: Web Data.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: firefox.exe, 00000006.00000002.3340281028.0000020D59E33000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2146198702.0000020D59E57000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2146198702.0000020D59E45000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.3335750049.000002696E700000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3329813846.0000027574B1A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3334294613.0000027575300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: firefox.exe, 00000006.00000002.3344134759.0000020D643C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2556596031.0000020D643C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2483524824.0000020D643C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2326866131.0000020D643C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2818783983.0000020D643C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.3334755819.000002696E61D000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445
Source: Web Data.8.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: firefox.exe, 0000000D.00000002.3335750049.000002696E702000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll+lt
Source: Web Data.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: Web Data.8.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: firefox.exe, 00000006.00000003.3234922996.000017770DF40000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual disk
Source: Web Data.8.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
Source: firefox.exe, 0000000D.00000002.3330356220.000002696E1CA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: Web Data.8.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: Web Data.8.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: Web Data.8.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: Web Data.8.drBinary or memory string: outlook.office365.comVMware20,11696428655t
Source: Web Data.8.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: firefox.exe, 00000006.00000003.2146198702.0000020D59E8E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.3335750049.000002696E702000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3334294613.0000027575300000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: Web Data.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: Web Data.8.drBinary or memory string: outlook.office.comVMware20,11696428655s
Source: Web Data.8.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: Web Data.8.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
Source: Web Data.8.drBinary or memory string: AMC password management pageVMware20,11696428655
Source: Web Data.8.drBinary or memory string: tasks.office.comVMware20,11696428655o
Source: Web Data.8.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: Web Data.8.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: Web Data.8.drBinary or memory string: interactivebrokers.comVMware20,11696428655
Source: firefox.exe, 0000000D.00000002.3335750049.000002696E702000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllPd|
Source: Web Data.8.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: Web Data.8.drBinary or memory string: dev.azure.comVMware20,11696428655j
Source: Web Data.8.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: Web Data.8.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: Web Data.8.drBinary or memory string: bankofamerica.comVMware20,11696428655x
Source: Web Data.8.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: Web Data.8.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 19_2_00000275752D26F7 rdtsc 19_2_00000275752D26F7
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B6EAA2 BlockInput,0_2_00B6EAA2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B22622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00B22622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00AF42DE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B14CE8 mov eax, dword ptr fs:[00000030h]0_2_00B14CE8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B50B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00B50B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B22622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00B22622
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B1083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00B1083F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B109D5 SetUnhandledExceptionFilter,0_2_00B109D5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B10C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00B10C21
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B51201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00B51201
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B32BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00B32BA5
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B5B226 SendInput,keybd_event,0_2_00B5B226
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B722DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_00B722DA
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B50B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00B50B62
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B51663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00B51663
Source: file.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exeBinary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B10698 cpuid 0_2_00B10698
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B68195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00B68195
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B4D27A GetUserNameW,0_2_00B4D27A
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B2B952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_00B2B952
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00AF42DE
Source: file.exeBinary or memory string: WIN_81
Source: file.exeBinary or memory string: WIN_XP
Source: file.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: file.exeBinary or memory string: WIN_XPe
Source: file.exeBinary or memory string: WIN_VISTA
Source: file.exeBinary or memory string: WIN_7
Source: file.exeBinary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B71204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00B71204
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B71806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00B71806
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 21 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | 21 Input Capture | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 Valid Accounts | 2 Obfuscated Files or Information | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 3 Clipboard Data | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 21 Access Token Manipulation | 1 DLL Side-Loading | NTDS | 15 System Information Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 12 Process Injection | 1 Masquerading | LSA Secrets | 131 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Valid Accounts | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 12 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
Behavior Graph ID: 1505536 | Sample: file.exe | Start date: 06/09/2024 | Architecture: WINDOWS | Score: 64
Source | Detection | Scanner | Label | Link
file.exe | 26% | ReversingLabs | |
file.exe | 30% | Virustotal | | Browse
file.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
Name | IP | Active | Malicious | Antivirus Detection | Reputation
example.org | 93.184.215.14 | true | false | | unknown
chrome.cloudflare-dns.com | 162.159.61.3 | true | false | | unknown
prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | | unknown
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | | unknown
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | | unknown
services.addons.mozilla.org | 3.164.68.56 | true | false | | unknown
ipv4only.arpa | 192.0.0.171 | true | false | | unknown
ssl.bingadsedgeextension-prod-europe.azurewebsites.net | 94.245.104.56 | true | false | | unknown
prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | | unknown
googlehosted.l.googleusercontent.com | 142.250.185.97 | true | false | | unknown
sni1gl.wpc.nucdn.net | 152.199.21.175 | true | false | | unknown
telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | | unknown
detectportal.firefox.com | unknown | unknown | false | | unknown
clients2.googleusercontent.com | unknown | unknown | false | | unknown
bzib.nelreports.net | unknown | unknown | false | | unknown
firefox.settings.services.mozilla.com | unknown | unknown | false | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/favicon.ico | false | Avira URL Cloud: safe | unknown
https://clients2.googleusercontent.com/crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
                                  unknown
                                  https://www.instagram.comd57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tabfirefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/breach-details/firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEMfirefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://xhr.spec.whatwg.org/#sync-warningfirefox.exe, 00000006.00000003.2514435260.0000020D6B99B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2211892757.0000020D6A452000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.amazon.com/exec/obidos/external-search/firefox.exe, 00000006.00000002.3347250129.0000020D64E45000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2516341867.0000020D686F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3347250129.0000020D64E03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2158104161.0000020D6886B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2260923341.0000020D686F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2280012100.0000020D686F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2203109060.0000020D686F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2158250769.0000020D68883000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2157794463.0000020D68836000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2934816906.0000020D686F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2157630457.0000020D6881C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2157928283.0000020D68850000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2157501525.0000020D68600000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://profiler.firefox.com/firefox.exe, 00000006.00000003.2519424939.0000020D65F25000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.msn.comfirefox.exe, 00000006.00000003.2934204096.0000247239A03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2281084964.0000020D65F92000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://outlook.live.com/mail/inbox?isExtension=true&sharedHeader=1&nlp=1&client_flight=outlookedged57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://outlook.office.com/mail/compose?isExtension=trued57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://github.com/mozilla-services/screenshotsfirefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2157630457.0000020D6881C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2157928283.0000020D68850000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2157501525.0000020D68600000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://exslt.org/setsfirefox.exe, 00000006.00000003.2819237168.0000020D6428A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3342634452.0000020D6428C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2556758269.0000020D6428A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2327037898.0000020D64292000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2978860813.0000020D6428C000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://i.y.qq.com/n2/m/index.htmld57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.deezer.com/d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://web.telegram.org/d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingfirefox.exe, 00000006.00000003.2514435260.0000020D6B99B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2211892757.0000020D6A452000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  http://exslt.org/dates-and-times0firefox.exe, 00000006.00000003.2979406321.0000020D64281000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2327330749.0000020D64281000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://api.accounts.firefox.com/v1firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://exslt.org/commonfirefox.exe, 00000006.00000003.2819237168.0000020D6428A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3342634452.0000020D6428C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2556758269.0000020D6428A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2327037898.0000020D64292000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2978860813.0000020D6428C000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://screenshots.firefox.com//shims/mochitest-shim-1.jsfirefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://fpn.firefox.comfirefox.exe, 00000006.00000003.2280889135.0000020D66AA2000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.widevine.com/firefox.exe, 00000006.00000002.3347250129.0000020D64E03000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://ocsp.rootca1.amazontrust.com0:firefox.exe, 00000006.00000003.2322754486.0000020D682E3000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://win.mail.ru/cgi-bin/sentmsg?mailto=%sfirefox.exe, 00000006.00000002.3344652609.0000020D6487D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/commands#Key_combinationschrfirefox.exe, 00000006.00000002.3347250129.0000020D64E03000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://excel.new?from=EdgeM365Shorelined57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.youtube.com/firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://127.0.0.1:firefox.exe, 00000006.00000003.2260923341.0000020D68685000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://bugzilla.mofirefox.exe, 00000006.00000003.2280589083.0000020D6812C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2281138918.0000020D65F68000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://mitmdetection.services.mozilla.com/firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://amazon.comfirefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 00000006.00000002.3347250129.0000020D64E03000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&reffirefox.exe, 00000006.00000003.2327037898.0000020D642B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.3332312726.000002696E5B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3331063324.0000027574DB7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477firefox.exe, 00000006.00000003.2327037898.0000020D642B5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.3332312726.000002696E5B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3331063324.0000027574DB7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 00000006.00000003.2211892757.0000020D6A452000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://spocs.getpocket.com/firefox.exe, 00000006.00000003.2281138918.0000020D65F3A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2482850332.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2518967351.0000020D65F31000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000002.3349858451.0000020D65F31000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://github.com/mozilla-services/screenshotshttps://screenshots.firefox.com/firefox.exe, 00000006.00000002.3347250129.0000020D64E7E000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://exslt.org/stringsfirefox.exe, 00000006.00000002.3339261797.0000020D57B03000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.office.comd57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://outlook.live.com/mail/0/d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://services.addons.mozilla.org/api/v4/addons/search/?guid=default-theme%40mozilla.org%2Caddons-firefox.exe, 00000006.00000003.2517542831.0000020D68511000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYifirefox.exe, 00000013.00000002.3331063324.0000027574DB7000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.6.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 00000006.00000003.2482761555.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2280962389.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000006.00000003.2792287680.0000020D65FC1000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://monitor.firefox.com/user/dashboardfirefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.tsn.caZfirefox.exe, 00000006.00000003.2934204096.0000247239A03000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://www.tsn.cafirefox.exe, 00000006.00000003.2934204096.0000247239A03000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://tidal.com/d57291ff-4efc-4c0d-93f6-36689279b659.tmp.8.drfalse
                                  • URL Reputation: safe
                                  unknown
                                  https://monitor.firefox.com/aboutfirefox.exe, 00000006.00000002.3341298228.0000020D640A0000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 0000000D.00000002.3331744703.000002696E2C0000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3333527199.0000027575270000.00000002.08000000.00040000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  Joe Sandbox version: 40.0.0 Tourmaline
                                  Analysis ID: 1505536
                                  Start date and time: 2024-09-06 12:31:06 +02:00
                                  Joe Sandbox product: CloudBasic
                                  Overall analysis duration: 0h 6m 51s
                                  Hypervisor based Inspection enabled: false
                                  Report type: full
                                  Cookbook file name: default.jbs
                                  Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed: 24
                                  Number of new started drivers analysed: 0
                                  Number of existing processes analysed: 0
                                  Number of existing drivers analysed: 0
                                  Number of injected processes analysed: 0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode: default
                                  Analysis stop reason: Timeout
                                  Sample name: file.exe
                                  Detection: MAL
                                  Classification: mal64.evad.winEXE@71/277@29/22
                                  EGA Information:
                                  • Successful, ratio: 66.7%
                                  HCA Information:
                                  • Successful, ratio: 96%
                                  • Number of executed functions: 36
                                  • Number of non-executed functions: 313
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 13.107.42.16, 64.233.184.84, 142.250.185.78, 13.107.21.239, 204.79.197.239, 13.107.6.158, 2.19.126.145, 2.19.126.152, 142.250.184.227, 142.250.184.195, 92.123.104.7, 92.123.104.5, 92.123.104.10, 92.123.104.67, 92.123.104.9, 92.123.104.66, 92.123.104.4, 92.123.104.8, 92.123.104.65, 20.199.58.43, 217.20.57.21, 192.229.221.95, 172.217.16.206, 2.22.61.56, 2.22.61.59, 142.250.64.67, 142.250.81.227, 142.250.80.35
                                  • Excluded domains from analysis (whitelisted): cdp-f-ssl-tlu-net.trafficmanager.net, ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, incoming.telemetry.mozilla.org, a17.rackcdn.com.mdc.edgesuite.net, iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com, aus5.mozilla.org, arc.msn.com, star.sf.tlu.dl.delivery.mp.microsoft.com.delivery.microsoft.com, a19.dscg10.akamai.net, d.8.0.a.e.e.f.b.0.0.0.0.0.0.0.0.5.0.0.0.0.0.8.0.0.3.0.1.3.0.6.2.ip6.arpa, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, redirector.gvt1.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, arc.trafficmanager.net, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, accounts.google.com, bingadsedgeextension-prod.trafficmanager.net, bzib.nelreports.net.akamaized.net, api.edgeoffer.microsoft.com, fonts.gstatic
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                  • Report size getting too big, too many NtOpenFile calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                  No simulations
                                                      • 3.164.68.56
                                                      • 34.120.208.123
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 35.244.181.201
                                                      • 34.149.100.209
                                                      • 3.164.68.56
                                                      • 34.120.208.123
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 35.244.181.201
                                                      • 34.149.100.209
                                                      • 3.164.68.56
                                                      • 34.120.208.123
                                                      file.exeGet hashmaliciousUnknownBrowse
                                                      • 35.244.181.201
                                                      • 34.149.100.209
                                                      • 3.164.68.56
                                                      • 34.120.208.123
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | file.exe | Get hash | malicious | Unknown | Browse |
 | pud8g3zixE.exe | Get hash | malicious | Amadey, Stealc | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
 | file.exe | Get hash | malicious | Unknown | Browse |
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):6439
                                                                          Entropy (8bit):5.134031996106717
                                                                          Encrypted:false
                                                                          SSDEEP:192:dKMXQSNcbhbVbTbfbRbObtbyEznpnSrDtTZdB:dPdcNhnzFSJ7nSrDhZdB
                                                                          MD5:0C907519CC78F1E49A6CC91B4E33C109
                                                                          SHA1:66352940E9238FB2BAE7DA85691FD89B58BA93B8
                                                                          SHA-256:17F5023DD659DDC11A03F8B6A92EEFB455319A369A52DCF185138041094FCC0C
                                                                          SHA-512:B13CD587EC4906F8390881C60BFDB7890CB5B73A5A7453FB58CBD346DCA8BF8F14558D45B41F65394C3B39BD85E253B8EB1D7DD75B157E992624F2022283D09F
                                                                          Malicious:false
                                                                          Preview:{"type":"uninstall","id":"968aa1fd-9c21-43aa-abd8-bde0d92ba0de","creationDate":"2024-09-06T11:50:08.353Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):44596
                                                                          Entropy (8bit):6.0968205761944265
                                                                          Encrypted:false
                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBVwuKhDO6vP6OletGOjjM2ByJeDaTTcGoup1Xl3j0:z/Ps+wsI7ynEx6Ejjkchu3VlXr4CRo1
                                                                          MD5:E40ED8AF5CB63F42756C2727463F693E
                                                                          SHA1:03D75E8164D0808A04F8A42157BBD29E02497DDD
                                                                          SHA-256:2EBE1CB07FE4B7652CB82F3D26505FFA58FD3EAD37E97455DC93D219C1ED77B2
                                                                          SHA-512:093A31FD6729979EE3E479BB4FCB0445328BD0FC5571EA24E98A5D8BF006803D5F412CD8990777C22CD8C212D267F56E9BB5C693739E0098B5B0B6091776D024
                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):44652
                                                                          Entropy (8bit):6.097008403708242
                                                                          Encrypted:false
                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkB6wuKhDO6vP6OletGOjjMe0y3qr3PFDrUT8Y9cGon:z/Ps+wsI7yOEI6EjjX9chu3VlXr4CRo1
                                                                          MD5:7F44E881E5C6E22BEF2980FF73C7A914
                                                                          SHA1:B41396DF936463D282985876FEB14631636B52C6
                                                                          SHA-256:77D6929E23F9BCD3265B0A7873F1ADA6F57B33E9E96953711B56B3BC886C3B81
                                                                          SHA-512:357C5BE40A7D3016FA489439BB887F0FB0569418280334ACD459A183800AC7DFC8A11D8AAEF5A1385498C2F1D4E8D8C8BA332AFF130CFE4ED9CD22CE9734361C
                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):45975
                                                                          Entropy (8bit):6.088078899451144
                                                                          Encrypted:false
                                                                          SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4po9HLjhDO6vP6OletGOjjM+0y3qr3PFDrUT8Y9VQavCAk:mMGQ5XMBmo9k6Ejjz9yavRobhu3VlXrY
                                                                          MD5:E22BAA5478F6F33432F55AFC32F4CA7B
                                                                          SHA1:02B21D7F284559FB6A946685F7D2C0ADDEA0C372
                                                                          SHA-256:60349D718B6DA569E41DF88331417C6E6235AA22C894962C914960F218C9437E
                                                                          SHA-512:816F97E58E3E673E01657A396D416147285981964CE073B48A3258DE589FCA7F0239103F0966ECD448A10651B433C413EFED04276B415A89EE32439F799CE66E
                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):45898
                                                                          Entropy (8bit):6.08816160248515
                                                                          Encrypted:false
                                                                          SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4n99HLjhDO6vP6OletGOjjMe0y3qr3PFDrUT8Y9VQavCAk:mMGQ5XMBG99k6EjjX9yavRobhu3VlXrY
                                                                          MD5:FA47101FB312D83AED5218F044DE13F7
                                                                          SHA1:9B7F95379D81BA79F9F53C6A12B3FC73AA06F28E
                                                                          SHA-256:553B380DEEC45AF2DC049DD9ECF9E39AB990DCDA1C925D4FF939793984EBB34B
                                                                          SHA-512:9C11D7C671F5F89A9B046E8A6BAD31F9A936E7AF70DE898B44B0B51FFEE2820096B6F7B8404D7FF6BAC0C91F5E0E9BF7D4970C2488002540429C30B5E7C6F3F3
                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:modified
                                                                          Size (bytes):44596
                                                                          Entropy (8bit):6.0968205761944265
                                                                          Encrypted:false
                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBVwuKhDO6vP6OletGOjjM2ByJeDaTTcGoup1Xl3j0:z/Ps+wsI7ynEx6Ejjkchu3VlXr4CRo1
                                                                          MD5:E40ED8AF5CB63F42756C2727463F693E
                                                                          SHA1:03D75E8164D0808A04F8A42157BBD29E02497DDD
                                                                          SHA-256:2EBE1CB07FE4B7652CB82F3D26505FFA58FD3EAD37E97455DC93D219C1ED77B2
                                                                          SHA-512:093A31FD6729979EE3E479BB4FCB0445328BD0FC5571EA24E98A5D8BF006803D5F412CD8990777C22CD8C212D267F56E9BB5C693739E0098B5B0B6091776D024
                                                                          Malicious:false
Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):107893
                                                                          Entropy (8bit):4.640149995732079
                                                                          Encrypted:false
                                                                          SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
                                                                          MD5:AD9FA3B6C5E14C97CFD9D9A6994CC84A
                                                                          SHA1:EF063B4A4988723E0794662EC9D9831DB6566E83
                                                                          SHA-256:DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
                                                                          SHA-512:81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3::
                                                                          MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                          SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                          SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                          SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4194304
                                                                          Entropy (8bit):0.5369797105586798
                                                                          Encrypted:false
                                                                          SSDEEP:6144:EAv5Cb6LPrt0aH2nS1cT9q5gtS4PaHkzg:drt3l1cC
                                                                          MD5:DF634F223D770BBE9C11F5F588EEEEE1
                                                                          SHA1:43C550354247B27A4CF6FE9B5EE382BB98D0AA3C
                                                                          SHA-256:B23B057D9A60D3D118CB7E361F6E97ACD05167A664835564B0719E7FD897597D
                                                                          SHA-512:5C1A618D66A7FC76F246A15EE5A47B453ACCD53AD6BC21D22FA4C0F14A008EABACCDBC473C88F6DF22E2F89C5DE5C5878775DBBCE56194DA1A2F1B3E67016D50
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):280
                                                                          Entropy (8bit):4.132041621771752
                                                                          Encrypted:false
                                                                          SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
                                                                          MD5:845CFA59D6B52BD2E8C24AC83A335C66
                                                                          SHA1:6882BB1CE71EB14CEF73413EFC591ACF84C63C75
                                                                          SHA-256:29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
                                                                          SHA-512:8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
                                                                          Malicious:false
                                                                          Preview:sdPC......................X..<EE..r/y..."pZLhTaJ23hN5uQxwzu0K2CYes/dvJuE93VbIVV/LnRA="..................................................................................47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=....................fdb35e9f-12f5-40d5-8d50-87a9333d43a4............
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):13308
                                                                          Entropy (8bit):5.280193436950503
                                                                          Encrypted:false
                                                                          SSDEEP:384:stePGQSuEsUafhPjH5YbG1RQx6WolaTYK:sUOXucaf4bGkxOaTYK
                                                                          MD5:C8F729E191B2052CC033B411FF1AA535
                                                                          SHA1:5E317D3D033D41C7D87CB6DD39A07CC52604490A
                                                                          SHA-256:2D90D701D85B377F9FA9EB7AF524E63F41F2AF5A96A521E6C61A9369DADB36BD
                                                                          SHA-512:D7D7130540F8CC5AC642B1E4D3DD3AD27575E2ED9CA0729C8D435B8101C3D7FBF47F536627910E7A44A97AC3D68670ADBF548E623D3B2B015951366DB9E703F6
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370092323935528","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:very short file (no magic)
                                                                          Category:dropped
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:L:L
                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                          Malicious:false
                                                                          Preview:.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):40504
                                                                          Entropy (8bit):5.561027561538373
                                                                          Encrypted:false
                                                                          SSDEEP:768:7pTvbo7pLGLvh/WPA2f4I8F1+UoAYDCx9Tuqh0VfUC9xbog/OVjcvwKS0rwJh81I:7pTvbUcvh/WPA2f4Iu1jaScvdStJhOY/
                                                                          MD5:2547C559F7D268D067BE19C08EBF586C
                                                                          SHA1:E1416AB6AA0954237B9DC2B8AA6E00FFA175E7A6
                                                                          SHA-256:8A5C0F3F8FB761E8D2CBC738030535E959799C949E3BE7101F25CF3A2253AD35
                                                                          SHA-512:5072D9BA5AADC72D075B2F532E3EF3A9515A8956581D7801E185363C6912CA40AF57274A870FB9219D85E7B7177D97201CDD9B05053029947606308A41FB1A2D
                                                                          Malicious:false
                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370092323291553","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370092323291553","location":5,"ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):12525
                                                                          Entropy (8bit):5.208642218119727
                                                                          Encrypted:false
                                                                          SSDEEP:192:steJ99QTryDigabatSuyTsUasZihUkP3S8ubV+F1mQQA66WpaFIMYyPgYJ:stePGKSuEsUafhibG1RQx6WpaTYK
                                                                          MD5:23338876F937E429236B399AD71847BE
                                                                          SHA1:4D2852FFADE2EEEAC8AC56EC831F9FA74B4FE9B1
                                                                          SHA-256:C30B8905DA4E2A6ACCB91034EED22F1EDB721416D56C10396F601B40D11C8402
                                                                          SHA-512:486A962FE111C9651D2560D879A2EDD2C43EAAFE6996DAD1EC97C5B173C15C7A064C5183CAEAE95316E6327C489E862AC92F096D0B04D4730F8C2909EF2D6433
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370092323935528","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):13308
                                                                          Entropy (8bit):5.280197595667494
                                                                          Encrypted:false
                                                                          SSDEEP:384:stePGQSuEsUafhPjH5YbG1RQx6WblaTYK:sUOXucaf4bGkx1aTYK
                                                                          MD5:F42DC22E8F7C492E836C2E0987D2644B
                                                                          SHA1:E407F94A212CE7E96EE9FF3ABC3B684CBDC95C99
                                                                          SHA-256:D7145E02E45798E7806D299579AA94B0AB107B15F1501A1B2271031E0046A256
                                                                          SHA-512:CDD3B245A38B6CC8993191B04CAE34917291B69B411C4CE86BDECECAC13F15F1394BF7971141367DF7EEB5927389C726EC7E716464512656F0E98ED505005172
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370092323935528","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):13143
                                                                          Entropy (8bit):5.282737211671393
                                                                          Encrypted:false
                                                                          SSDEEP:192:steJ99QTryDiuabatSuyTsUasZihPjH5qkP3S8ubV+F1mQQA66WpaFIMYyPgYJ:stePGQSuEsUafhPjH5YbG1RQx6WpaTYK
                                                                          MD5:D4F1D467AA763EC5669EA022D39F91AD
                                                                          SHA1:9E5D1196CCC0FC2950E2FC217745768A26F71853
                                                                          SHA-256:CF644CE6BE62D7F86BCE2F0A009F4DE5CD43B23325D957A48D69973F3648AEED
                                                                          SHA-512:0738C5A38FC6136D7F4A5F8DC848CC226E6D620AA0EF48517546CD68FB66EC5991AFCA3DE4D0EB431EB62D0D56B2F9D8846E3BDB35F5907D08B5C98FED9F68B3
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370092323935528","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):35445
                                                                          Entropy (8bit):5.55822045177703
                                                                          Encrypted:false
                                                                          SSDEEP:768:7pTv0/WPA2fPI8F1+UoAYDCx9Tuqh0VfUC9xbog/OV/wKS0rwJhRRqKpLtuX:7pTv0/WPA2fPIu1jasdStJhRQatQ
                                                                          MD5:70D46D4D3CE262C0D8C437E0CCE76872
                                                                          SHA1:DE8D276F590771DB69282C9066FBF38FC44AD0B0
                                                                          SHA-256:2F051EE5681BD78239310A9DE1165103AE7FC4C1A6273CF7FC3817A1CB4D4BDF
                                                                          SHA-512:89C7D57343B82CC451C51D99C2ADCF81CCB552192AE54D65C1AC0AD9F725F63CD83E76C0A8ACF697D58FC75BAADEF43C622522D156F34EA088415190DFC17D40
                                                                          Malicious:false
                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370092323291553","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370092323291553","location":5,"ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):33
                                                                          Entropy (8bit):3.5394429593752084
                                                                          Encrypted:false
                                                                          SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                          MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                          SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                          SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                          SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                          Malicious:false
                                                                          Preview:...m.................DB_VERSION.1
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):309
                                                                          Entropy (8bit):5.254593347689392
                                                                          Encrypted:false
                                                                          SSDEEP:6:Pg6MD1923oH+Tcwtp3hBtB2KLllg0Qi+q2P923oH+Tcwtp3hBWsIFUv:P9xYebp3dFLnrQi+v4Yebp3eFUv
                                                                          MD5:40C9DC74BCF3679A0ED45F1C0A2831A9
                                                                          SHA1:68313B5A49AEA82847EEB5B97FA7E0DFA526CC97
                                                                          SHA-256:347D65D62E43748D5FD1BDB278926F6DA0FC9B4E7DE8F089F7467DE38EDBAF6A
                                                                          SHA-512:685C23A6C0EC50795F3D9483E6F65157D235E2D4ADECC993F55728159F82DBB06382E033E719F8B1D93752A813138329BC8929E45AE8289E234910AF47406878
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:08.663 1d5c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/09/06-06:32:08.884 1d5c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:modified
                                                                          Size (bytes):2163821
                                                                          Entropy (8bit):5.222869586649704
                                                                          Encrypted:false
                                                                          SSDEEP:24576:v+/PN8FmfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8wfx2mjF
                                                                          MD5:1222B4F38A222AC9DF0987D0568FCDEB
                                                                          SHA1:B103DCA1698272A83C79339BAAD98612F037520B
                                                                          SHA-256:2B01FABE9966CBB4522DEE5691F543677FF90A71FC7ABCAF45CFF786C4FDEACC
                                                                          SHA-512:67E2182F24933B4409300D0EC9537E7FFFA6ADD75C7ABB1D3618C1AA34A2F712F41238A6A54297CD9BA4E5130C3124D9BC0A6CF7585B8A8D91C4767D55BEB539
                                                                          Malicious:false
                                                                          Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):336
                                                                          Entropy (8bit):5.131266554574434
                                                                          Encrypted:false
                                                                          SSDEEP:6:Pgh1L+q2P923oH+Tcwt9Eh1tIFUt82gnj1Zmw+2gV1N1LVkwO923oH+Tcwt9Eh1H:PYL+v4Yeb9Eh16FUt82G/+26dLV5LYe8
                                                                          MD5:5477649666009569B990FBF6135CF1BF
                                                                          SHA1:9AE8F680AFA31D943B4C2F9126988F8055F1D6D8
                                                                          SHA-256:6EDB6C7B913DB2F9E33535314CB1C2DC97F28CA404246716A3DE3A141CD034D5
                                                                          SHA-512:C9E8BB3C8F189B195BDB3811C0419CD22248B0E27DAE137AEB62B9C5500CFB820947B7F5D4BEDC0080D1430BCB027C3906BC1D5F58CE73A29A7B0C0D6D0ACB72
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:08.702 237c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/09/06-06:32:08.704 237c Recovering log #3.2024/09/06-06:32:08.715 237c Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):28672
                                                                          Entropy (8bit):0.4654693756860036
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBLs:TouQq3qh7z3bY2LNW9WMcUvBLs
                                                                          MD5:C25D6B0AC5C8D1A8CC64B68E22DF7110
                                                                          SHA1:7624C9C832C77C03A4425A02F8EFDFD458DDBF71
                                                                          SHA-256:952C3D9FB1AD27741B070DFEE472F63BAC3601CE26778BDBD6A6E724670383D9
                                                                          SHA-512:6650372330CCE4B0CD6794F1B6F8A6114A18A37106AC0E6B543586CE39207CF9DB03E57CCB13B1118C561B05D7C1EFB355304EFA691EDBD5DE2B6FEB04DBA9DC
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                          Category:dropped
                                                                          Size (bytes):10240
                                                                          Entropy (8bit):0.8708334089814068
                                                                          Encrypted:false
                                                                          SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                          MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                          SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                          SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                          SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):636554
                                                                          Entropy (8bit):6.0127694795093625
                                                                          Encrypted:false
                                                                          SSDEEP:12288:BhjHVMIvgjD8xIXualvzHR7iaQKR+8JbtlmkdBC1esJxrVcQNaiBa:Bhq+kaIXnQs+Qb3mkGbJo5
                                                                          MD5:CDE9ABB05D9CF09C0DA933480FEC3B64
                                                                          SHA1:D28F62243CA290594B0EB556FE0831AA6FCC6C8A
                                                                          SHA-256:036961C14225D6DD3397D4EA5B38D010A7F0EE778CFDBEFE9437F37DDE78E39F
                                                                          SHA-512:FFD65D76C5DF99F63EDE9695B15CE7D3AD175FB87AD8C708DDBBF5E3747379CBCA0F30C5146E7EE1A86037DB96A63F36AAAD5606D6D95BF45022E3024BF2F018
                                                                          Malicious:false
                                                                          Preview:...m.................DB_VERSION.1.!Z2.................BLOOM_FILTER:..&{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3767945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):142
                                                                          Entropy (8bit):5.078134679712081
                                                                          Encrypted:false
                                                                          SSDEEP:3:6g38E28xp4m3rscUSXQSVBXpbltlf+nETPxpK2x7LuX4VhvdWUEs:6g38D8xSEsIXf3+n0PxEWA4VqVs
                                                                          MD5:09C0E0F3F3306443C378D7423058DE4B
                                                                          SHA1:D12A62EBCF8364C3292EF675FC79F9D2F8D8E5D8
                                                                          SHA-256:9EA38150B1A79E437BA9A130DE1D42E69993948C48512E72F8396F023AEFB432
                                                                          SHA-512:C0F2ACA1026FB10B5C7638F56E97BA0AE1615CE7DFB656C59893B31A8A6AD792ACE4F4556E3BE0DDD0D4CDE136790ECF3F87B73C83DA5D9FCE9186F9A6FD9A72
                                                                          Malicious:false
                                                                          Preview:.B..9................BLOOM_FILTER_EXPIRY_TIME:.1725705128.996882V...G................BLOOM_FILTER_LAST_MODIFIED:.Fri, 06 Sep 2024 08:31:31 GMT
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):636529
                                                                          Entropy (8bit):6.012178686683981
                                                                          Encrypted:false
                                                                          SSDEEP:12288:vhEHVMavgBg8bIXuHlvzHM7iawKRt8AbtA0kdBO1esJxLVcWGaiQX:vh7cNaIXxwstXb+0kKbJ1l
                                                                          MD5:D06FF4898FA4B70F70844C78C74E85F1
                                                                          SHA1:343AACAE98E528494912A7795CFDA3320598B8B9
                                                                          SHA-256:7075C56053C9821ACF183DBB7CF38F0EB58DED5773450E7FC5D015DAF9885A11
                                                                          SHA-512:ADD667D77284908B8DE405827BA3BFA0D56A8E19DEC93D4E3B5CB6731001D86AA65899CEC389DDC0D50D40A95DFBFEF10838C3BB3E565330EE72F7E5C43A1AC1
                                                                          Malicious:false
                                                                          Preview:....&BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3767945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):512
                                                                          Entropy (8bit):5.17402743553055
                                                                          Encrypted:false
                                                                          SSDEEP:12:PxiXyv4Yebn9GFUt82xioX/+2xiojR5LYebn95Z9leNf0nWGNfr1K2hO7h:5MY4Yeb9ig8kN/DLYeb9zGavlnO7h
                                                                          MD5:52422FF85FE86D62E175F2EAEAE71192
                                                                          SHA1:A03A7724C8EDA959EC39F8103FC4B71CEEE5D8A3
                                                                          SHA-256:6516CB14B616EBE6490763D7CC5BDEDDE0F07798672392C19351489E7FE440D2
                                                                          SHA-512:15644E6100BA91B2EBC578ABAC4C17BA5CFC0B0CDFA73181D4C45321DFBF5E87A664856DF364DB3B414802F41A9FAA4520F77C7C7E1D5611D589CB16E0E79775
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:03.320 1da8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/09/06-06:32:03.321 1da8 Recovering log #3.2024/09/06-06:32:03.321 1da8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/09/06-06:32:09.023 1d60 Level-0 table #5: started.2024/09/06-06:32:09.053 1d60 Level-0 table #5: 636529 bytes OK.2024/09/06-06:32:09.055 1d60 Delete type=0 #3.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):103
                                                                          Entropy (8bit):5.287315490441997
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjGtCSluhFhinvsD8xFxN3erkEtl:scoBY7j6CSluGvlxFDkHl
                                                                          MD5:BBF990808A624C34FC58008F69BE5414
                                                                          SHA1:8E91249954C47ED58AFAA34373006A9A907A8B87
                                                                          SHA-256:2E9DF06E07493794BAE755C1954FDC37401D757916EBFBAA7F0EE64A8FD16E9E
                                                                          SHA-512:9F6863BCEE0782B211E95986AEDB74E0563A24D7FE448A7CA56EC94CD489A5BE0999757C25CB75DB6789759DCB81C20236EFB96945165E15E3D139CA4836B844
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator..........7...............&.BLOOM_FILTER:.........DB_VERSION........
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):0.6127989792443068
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jmCSKpIySZmL:TO8D4jJ/6Up+iCkyX
                                                                          MD5:7F11B97E3628CFB30AE514DD272DE445
                                                                          SHA1:4DB294250894ABF9281309386F5B187E43A4055F
                                                                          SHA-256:3095AB0E24F37D83C4B44301D7DFA02394AAAB93E459BD245BABB2B63FBE1C33
                                                                          SHA-512:42BF80EE71A6F62538E1231BCB2F63E8781BD8A156F1C511B9364D6499A710B4B261356FA7F8EAE59F010A04037902A57197F10790B718ACC486F6004517BD5F
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:modified
                                                                          Size (bytes):375520
                                                                          Entropy (8bit):5.354102145094458
                                                                          Encrypted:false
                                                                          SSDEEP:6144:6A/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:6FdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                          MD5:F342E31F2CAAC11F7F83640F58C7DBE3
                                                                          SHA1:170CAE7E39EBEEF2AF35FEC10721C9E40FE151E8
                                                                          SHA-256:EBFAB3DB103AD0CD420AF354E813EFF4C64BEA2A747AA0909A5E260252B32116
                                                                          SHA-512:48FE7BC4697C20B556AA2966E83E2F7FA33CD022DA47A0211F7DDC15A292AAA2DA3B04D1218AD11337AFD7157DFEF8F1C4964366BB8F89A14D4798E72787A9C5
                                                                          Malicious:false
                                                                          Preview:...m.................DB_VERSION.1..C/q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13370092329922777..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):311
                                                                          Entropy (8bit):5.176414482782139
                                                                          Encrypted:false
                                                                          SSDEEP:6:Pg1k5Xs1923oH+Tcwtk2WwnvB2KLllge2XSM+q2P923oH+Tcwtk2WwnvIFUv:PgwBYebkxwnvFLnx2XSM+v4YebkxwnQg
                                                                          MD5:D6234637B1FC5906DE8FFACB2EA6386F
                                                                          SHA1:4039BB250E73097BA8BB38CDE304B1C3F54B5337
                                                                          SHA-256:B9F2B5B13990F132349D318B46D1EE812A75A3E9820E9778DD9DDC1381DE0507
                                                                          SHA-512:5FD33B3A8648BBA6F6A38528159222B12C2AF7E04D0ED93130D2148C671667A441CC6A62C5FAB07A6B1D5D518B8EB2804951A49ACF91C27764F2A58ADB6D26B6
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:08.743 236c Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/09/06-06:32:08.897 236c Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):358860
                                                                          Entropy (8bit):5.324618274305197
                                                                          Encrypted:false
                                                                          SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R+:C1gAg1zfvW
                                                                          MD5:8337FD5242D6AFC54D4927F7A8E8598D
                                                                          SHA1:8394631097259E7FF9AD2A1CFA0120CB5DEEC688
                                                                          SHA-256:78BA8E8586A5BAE087B404ED0AE3B677CCDAF3779173144D9DA0D1E0563A7E38
                                                                          SHA-512:78CC4507E20CDAA943224C4BEE33F4F130D50FAE4545EE7003440F467778A837D9B79DD894FB08C86AD7F3166A4CCC95CE6B95713D160F9D153DE45FE796E9D6
                                                                          Malicious:false
                                                                          Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):418
                                                                          Entropy (8bit):1.8784775129881184
                                                                          Encrypted:false
                                                                          SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                          MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                          SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                          SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                          SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):324
                                                                          Entropy (8bit):5.150920438566676
                                                                          Encrypted:false
                                                                          SSDEEP:6:Pxigq2P923oH+Tcwt8aPrqIFUt82xi0XZmw+2xiDBbkwO923oH+Tcwt8amLJ:Pxigv4YebL3FUt82xiQ/+2xidb5LYebc
                                                                          MD5:670C241B88D3699115721C3EE576FDBF
                                                                          SHA1:CFD2C374B0F681FCF4AF02310879904CDF5576D0
                                                                          SHA-256:01EF0F016CDA74E515F44FDB563E90EB940268906140B3C2E57061ED8AE65FB6
                                                                          SHA-512:D993CBE49E88C78B81B382731F419DB4B818E24F8EB38551F8B9F2330850FF87C7250C56632BC3F1E0BF99F5424094F950179E2848913386C88635C0BA9C49D1
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:03.325 1db0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/09/06-06:32:03.326 1db0 Recovering log #3.2024/09/06-06:32:03.327 1db0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):328
                                                                          Entropy (8bit):5.138614370397882
                                                                          Encrypted:false
                                                                          SSDEEP:6:PxiDOq2P923oH+Tcwt865IFUt82xilZmw+2xi3kwO923oH+Tcwt86+ULJ:Pxiqv4Yeb/WFUt82xil/+2xi35LYeb/L
                                                                          MD5:74610B46B21998B5F424BC36D465B7FB
                                                                          SHA1:8E495E5852128F52160A2918571E68F8C7A6CA45
                                                                          SHA-256:7172C0C5CBAAD17D534ECEAA702C86357BD619BEB8504A335E1FCF5E8BC67964
                                                                          SHA-512:C0D942545867221D28D6348D893B1E00901C18B44E754C9E504A678D7F0F6B862B33A81A9BEA91679CB6F6BF529B77068FE441227B22E2897CFB60BFE662C747
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:03.334 1db0 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/09/06-06:32:03.336 1db0 Recovering log #3.2024/09/06-06:32:03.336 1db0 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):1254
                                                                          Entropy (8bit):1.8784775129881184
                                                                          Encrypted:false
                                                                          SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                          MD5:826B4C0003ABB7604485322423C5212A
                                                                          SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                          SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                          SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):324
                                                                          Entropy (8bit):5.1408425572864305
                                                                          Encrypted:false
                                                                          SSDEEP:6:PsUE1q2P923oH+Tcwt8NIFUt82sUCZmw+2sUukwO923oH+Tcwt8+eLJ:P1E1v4YebpFUt821C/+21u5LYebqJ
                                                                          MD5:72D76AE6371EE8D56697855CD9E1F49F
                                                                          SHA1:368BF89713E1C695570995A62E1FCC415D240C2E
                                                                          SHA-256:0E4E1420D4DB31A4A5859B78D7838B0AA8C261B51077FE59A568982255EEAE95
                                                                          SHA-512:3E23311A00E36056C414F2C621817F813741AC156D688F260891FDDAB2EFB831B06A60E26FAD20006209165DE7BFE1A2CF56DAD01BCB0BE91D113FAE6EE37B01
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:04.154 1d60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/06-06:32:04.155 1d60 Recovering log #3.2024/09/06-06:32:04.155 1d60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):429
                                                                          Entropy (8bit):5.809210454117189
                                                                          Encrypted:false
                                                                          SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                          MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                          SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                          SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                          SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                          Malicious:false
                                                                          Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):2.4458295450110996
                                                                          Encrypted:false
                                                                          SSDEEP:96:0BCyHSDvlelS9nsH4/Aztc+uuoKwgSyg7:mNHSDvJsHXzC+Po1gSyO
                                                                          MD5:D5CCBCB364F5980CAE72F8E708EAAA98
                                                                          SHA1:DD73F4D39135099897FC9A08CCB4B816AF15F289
                                                                          SHA-256:2358FA22C3A5EAF7797A58279E9FD9E230705898A7E6D26975B72D44E2E493D2
                                                                          SHA-512:4190C4C0DE5C4BD598349622D41A7107E332692549673F24912C7C61BB5424A8FCFF4C50E4AFBDEA930CA5C5BEC51EFF9918F766A5B1E5FFF1B3A841DDC4EC68
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                          Category:dropped
                                                                          Size (bytes):155648
                                                                          Entropy (8bit):0.6766747225998995
                                                                          Encrypted:false
                                                                          SSDEEP:192:nSoNY5JhH+bDo3iN0Z2TVJkXBBE3ybeSzN:DNohIU3iGAIBBE3qPN
                                                                          MD5:C2A5672DDA39FD6F05EA6433E495BCCD
                                                                          SHA1:9CBE25622C9D2CA4EE0EF03CD6E5A7338CB658FB
                                                                          SHA-256:5C37FB8FAA94170BE5F37FDCDB1B3ED8DA798538406785D3B34223FF7AAF724A
                                                                          SHA-512:E08B32A5FF803B4E5879BBC94B5FFC9D4585BCE2BDD45EC091D9D01C6BBE7039E4C8124ECCE4BC5ED09847E0D5E82F3D587FA9576FA4DECD62F73821640ED524
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):8720
                                                                          Entropy (8bit):0.2191763562065486
                                                                          Encrypted:false
                                                                          SSDEEP:3:26L/ntFlljq7A/mhWJFuQ3yy7IOWUS24/dweytllrE9SFcTp4AGbNCV9RUIq:2h75fOgd/d0Xi99pEY4
                                                                          MD5:1B73FDCD194ECF7A0D7DCCB6B515B746
                                                                          SHA1:DC59154128665CA8C3978FDF58055A672E60B1EF
                                                                          SHA-256:89A273954FBBEB9EC9091B1ABC08B667C7286B76366785A2ED5D533228E612CF
                                                                          SHA-512:F7956A8B04A498000C2799508609D4376304D98DDC65FC1E292C8278EF86BFA6A2ED0C586397FD52B178F97839FF249650C1D7EAA368E5D3B6B8763D745C6CFE
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):115717
                                                                          Entropy (8bit):5.183660917461099
                                                                          Encrypted:false
                                                                          SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                          MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                          SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                          SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                          SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                          Malicious:false
                                                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                                          Category:dropped
                                                                          Size (bytes):45056
                                                                          Entropy (8bit):3.918403028186678
                                                                          Encrypted:false
                                                                          SSDEEP:384:jj9P0SQkQerkjly773pLDcEP/KbtPCgam6IpRKToaADhf:jd1e2mly7OEP/WF5RKc39
                                                                          MD5:1B2DD3F2140F04729453D271E105E9BA
                                                                          SHA1:BACFDAFAD44FDA2D78A469522DBCF98C54A66386
                                                                          SHA-256:3D98E9F9F6BE1D69990753D87945E489A121A50B7AE5416DCA6DC449D1ECE0E2
                                                                          SHA-512:88279D80122E6A449DD62CF6C3DBC3B8DF6B9319E6CC28AF308C75205DB91E9A541B6DF53FAC0AF2BDA384589203FA0DB2FDE4A1FDFE7FB43838846A491E0827
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):408
                                                                          Entropy (8bit):5.276215768567127
                                                                          Encrypted:false
                                                                          SSDEEP:12:PyJZv4Yeb8rcHEZrELFUt82yJ/+2y875LYeb8rcHEZrEZSJ:aJl4Yeb8nZrExg8dcKLYeb8nZrEZe
                                                                          MD5:767608F6E4E3D4C5D6FEC12D2A6A5835
                                                                          SHA1:A2BA9BAD313CAF04FBFA028AE542D1C2F0BB0272
                                                                          SHA-256:14483DDB8E11D583F7F99CB05E7830FDA8C3A2982091C5886899C74263A3E30C
                                                                          SHA-512:C759561AD436198A3610FC754EEE04C37F0D1B3C7E90C6182970F0B498660A0DBEB0DF0A5AAD04DC875CA57AE28D0E822820BC7891450F063D4699E5BC016124
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:06.490 1d58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/06-06:32:06.491 1d58 Recovering log #3.2024/09/06-06:32:06.492 1d58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):408
                                                                          Entropy (8bit):5.276215768567127
                                                                          Encrypted:false
                                                                          SSDEEP:12:PyJZv4Yeb8rcHEZrELFUt82yJ/+2y875LYeb8rcHEZrEZSJ:aJl4Yeb8nZrExg8dcKLYeb8nZrEZe
                                                                          MD5:767608F6E4E3D4C5D6FEC12D2A6A5835
                                                                          SHA1:A2BA9BAD313CAF04FBFA028AE542D1C2F0BB0272
                                                                          SHA-256:14483DDB8E11D583F7F99CB05E7830FDA8C3A2982091C5886899C74263A3E30C
                                                                          SHA-512:C759561AD436198A3610FC754EEE04C37F0D1B3C7E90C6182970F0B498660A0DBEB0DF0A5AAD04DC875CA57AE28D0E822820BC7891450F063D4699E5BC016124
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:06.490 1d58 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/06-06:32:06.491 1d58 Recovering log #3.2024/09/06-06:32:06.492 1d58 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):336
                                                                          Entropy (8bit):5.133879760800053
                                                                          Encrypted:false
                                                                          SSDEEP:6:PxMIq2P923oH+Tcwt8a2jMGIFUt82xo6jjZZmw+2xoiAJkwO923oH+Tcwt8a2jM4:PxVv4Yeb8EFUt82xHjZ/+2xCJ5LYeb8N
                                                                          MD5:1F43D010E08A1D588098FB522DA0FF7C
                                                                          SHA1:7DA8AA77CF5C5712C5E2C00BB155A3DCBFC42936
                                                                          SHA-256:CBCE9CC715980C6BF2FF43E4585848260824A6B9A1C56DC55883BB8B3290A190
                                                                          SHA-512:C4862FD44F29150ED623606093B8EF6E3C6722BADF5669767CD6BB2B43F4216F035DBAFC1B0C756175BDF9DA29A8EFE8B6C55CB7BC5564DC63546CE902807702
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:03.898 1e84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/06-06:32:03.901 1e84 Recovering log #3.2024/09/06-06:32:03.904 1e84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):336
                                                                          Entropy (8bit):5.133879760800053
                                                                          Encrypted:false
                                                                          SSDEEP:6:PxMIq2P923oH+Tcwt8a2jMGIFUt82xo6jjZZmw+2xoiAJkwO923oH+Tcwt8a2jM4:PxVv4Yeb8EFUt82xHjZ/+2xCJ5LYeb8N
                                                                          MD5:1F43D010E08A1D588098FB522DA0FF7C
                                                                          SHA1:7DA8AA77CF5C5712C5E2C00BB155A3DCBFC42936
                                                                          SHA-256:CBCE9CC715980C6BF2FF43E4585848260824A6B9A1C56DC55883BB8B3290A190
                                                                          SHA-512:C4862FD44F29150ED623606093B8EF6E3C6722BADF5669767CD6BB2B43F4216F035DBAFC1B0C756175BDF9DA29A8EFE8B6C55CB7BC5564DC63546CE902807702
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:03.898 1e84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/06-06:32:03.901 1e84 Recovering log #3.2024/09/06-06:32:03.904 1e84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 6, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):24576
                                                                          Entropy (8bit):0.40379808290541264
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLiCwbvwsw9VwLwcORslcDw3wJ6UwccI5fB5IRJvdb:TxKX0wxORAmA/U1cEB5IRddb
                                                                          MD5:68C657C28BC5F4067850536C996F76BE
                                                                          SHA1:5FBED88CAD57D82FA17E689AF39AB5532974C7D2
                                                                          SHA-256:89BCC8D0B4B7E81FFEB8212BE740E3A5B7EF92461D2C2599A649CBD59577281A
                                                                          SHA-512:6FD318D0CE478159D60AF99996AF42DF550BCB71E6B4A0F506C7E351B46ECCE0DBF2BEEEDDAC180B0F6DF4A933A6BB77BA966007586696025CD42ACEB050B93A
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1419
                                                                          Entropy (8bit):5.336394944460292
                                                                          Encrypted:false
                                                                          SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7nbI+:YXs/tsbfc7leeEscgCgakhYhbxo+
                                                                          MD5:BF6BA1797785A5763A0088569A24FE85
                                                                          SHA1:62B9D7386B7BDD97B816063ED0D9CC0D912EB130
                                                                          SHA-256:40C6B39ED9B1E473CBD7027290D7996D15139F0B5BDC4BA6769E8FE8467BBA4E
                                                                          SHA-512:FE46026F5F2C16522DBA26D256C0831DA94254C432E5C2CC77F864E6D7E0F1D9C66A50726AF91B06D54EC124C21D1C73744CB2D9CC016BD9FE7200823698D729
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):188
                                                                          Entropy (8bit):5.3412045265154395
                                                                          Encrypted:false
                                                                          SSDEEP:3:YWRAWNjYEvWlZW44WTPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZG:YWyWNsEOlZW4bTBv31dB8wXwlmUUAnIb
                                                                          MD5:51E6B049BB2AD8A295F52D2B03F7C5FE
                                                                          SHA1:E82A3D7B4AD7F6C1AAE96AD26BCDEA0D7F3BCCCC
                                                                          SHA-256:93F9EA603F51D8F1DDECCB59CA78CFC97AEB371FA2D6F3221370964CC8C4B92E
                                                                          SHA-512:4F68C967014191DE7D79429D2A1B4E03A54C6FCC1C69B2DFE00A0F22C4F6AE5FE08DFF82254ADF10DBB08BA024DD345A4907D0BEDC0E3844DE2CDEAEEF2AC114
                                                                          Malicious:false
                                                                          Preview:{"sts":[{"expiry":1757154793.460819,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725618793.460824}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2950
                                                                          Entropy (8bit):5.309119177102041
                                                                          Encrypted:false
                                                                          SSDEEP:48:YcgCzsNts4gsGfc7leeEsvacs7V4kBRsrCpHzs++HPshYso+HpCbxo+:F2vu2keLaV4kBIIj48I4oVo+
                                                                          MD5:F9C65244EDD84894F5970AD4A62462F2
                                                                          SHA1:E1A3AFDADA8E228611CFEDBCB1DDC5A72B9587BA
                                                                          SHA-256:7B84E70B5B97353C26C6EF2B52CAFE1642F4448E522137AC60FFE7EC5C87BE4B
                                                                          SHA-512:94000F79900EFF201AC145AA569E9B7AE84CDF610365CFD8A9804C506273A12F714CB9B1EC6679C3A571860D3275FA7F2E7191F5BEEE4BAA7803B734CB8185B7
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372684325600353","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372684328097126","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372684329490032","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"s
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):187
                                                                          Entropy (8bit):5.31018302814502
                                                                          Encrypted:false
                                                                          SSDEEP:3:YWRAWNjYElWjoQW8PI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZnl4:YWyWNsEMjM8Bv31dB8wXwlmUUAnIMp5w
                                                                          MD5:436EDF2696E5B0D828FD83DC35FCEC6E
                                                                          SHA1:B89B22C7EDDBB3000E059241A89920BFCFE5E03C
                                                                          SHA-256:7CF954069D2996ED300E381DCE3B4812B6380406A98559D59968C8DC62D4B829
                                                                          SHA-512:EF264F746678D86213F6A689C699AAD7A3A608D5EDDCB656FDE1AD1033FE4236D4105D352A92C7D2B78CA798BFC038D60E6812CF1E8ADC4F4D7559041462326A
                                                                          Malicious:false
                                                                          Preview:{"sts":[{"expiry":1757154733.245645,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725618733.24565}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2950
                                                                          Entropy (8bit):5.3087993608316415
                                                                          Encrypted:false
                                                                          SSDEEP:48:YcgCzsNts4gsGfc7leeEsvacs7V4kBRsrCpHzs++HPshYso+HpCbx9+:F2vu2keLaV4kBIIj48I4oV9+
                                                                          MD5:CB906011599DF073A7C0951BC88A64E4
                                                                          SHA1:3FCF373799250AD2ABF8363BDDD6634444D78F7A
                                                                          SHA-256:4EADFA289D43B1E12C098901C19B083875D9244E95B2A4E1ACFEBCD9E4D5C9A3
                                                                          SHA-512:D276B83A89B2B5DF13718A770EEEC883253D8D2DCE5469AF86B6312E8597F26EA305E134CDF82D5CDDD799CFA446870E2DFA4A308BCA890EE5159524AC50CDE4
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372684325600353","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372684328097126","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372684329490032","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"s
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):1.085978105487293
                                                                          Encrypted:false
                                                                          SSDEEP:48:T2dKLopF+SawLUO1Xj8BmMiJN7q3UOFyPr:ige+AumvJ0mr
                                                                          MD5:F66A4ABC4FA39C9A7DD0AA5DD1C82914
                                                                          SHA1:82873C8FB6D9AEE6ACA70B1EB9BAA3A0AB9006C6
                                                                          SHA-256:22481C57515A20B612A293E495D2F99A1AE5148EB123BAB5CC22F1FC4EF7E337
                                                                          SHA-512:9EC20129F871FDBEB9D181189699E9D0FFAEE6196E0E525769BFD64A1B969D8A6BA31FAD6A7AB88874020AAB7CDC5A8F74C0453B111B42EA37CBF207A8A49F57
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1419
                                                                          Entropy (8bit):5.336394944460292
                                                                          Encrypted:false
                                                                          SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7nbI+:YXs/tsbfc7leeEscgCgakhYhbxo+
                                                                          MD5:BF6BA1797785A5763A0088569A24FE85
                                                                          SHA1:62B9D7386B7BDD97B816063ED0D9CC0D912EB130
                                                                          SHA-256:40C6B39ED9B1E473CBD7027290D7996D15139F0B5BDC4BA6769E8FE8467BBA4E
                                                                          SHA-512:FE46026F5F2C16522DBA26D256C0831DA94254C432E5C2CC77F864E6D7E0F1D9C66A50726AF91B06D54EC124C21D1C73744CB2D9CC016BD9FE7200823698D729
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1419
                                                                          Entropy (8bit):5.336394944460292
                                                                          Encrypted:false
                                                                          SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7nbI+:YXs/tsbfc7leeEscgCgakhYhbxo+
                                                                          MD5:BF6BA1797785A5763A0088569A24FE85
                                                                          SHA1:62B9D7386B7BDD97B816063ED0D9CC0D912EB130
                                                                          SHA-256:40C6B39ED9B1E473CBD7027290D7996D15139F0B5BDC4BA6769E8FE8467BBA4E
                                                                          SHA-512:FE46026F5F2C16522DBA26D256C0831DA94254C432E5C2CC77F864E6D7E0F1D9C66A50726AF91B06D54EC124C21D1C73744CB2D9CC016BD9FE7200823698D729
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                          Category:dropped
                                                                          Size (bytes):36864
                                                                          Entropy (8bit):1.3303623036671433
                                                                          Encrypted:false
                                                                          SSDEEP:96:uIEumQv8m1ccnvS6xDo2dQF2YQ9UZJ1H+RVkI:uIEumQv8m1ccnvS6C282rUZJwd
                                                                          MD5:1865E36069DECBDA89877DA9ADCFE053
                                                                          SHA1:61E849832A8243EDB316970EAC23AF6BE5C45858
                                                                          SHA-256:041E72341B70EADE2B02BD8C2778E9AB318C752D6608B330C9355C6B19E7D2DF
                                                                          SHA-512:F9E21B63C37BDC80F2CDDB26ED01C21B5F09A6AD605E6698350DD60367141C21E89BCC20DAE452B67E4CC721461B45F4825B3933B86D3D7CDD8E3B4B49DC4C42
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):40
                                                                          Entropy (8bit):4.1275671571169275
                                                                          Encrypted:false
                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                          Malicious:false
                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):187
                                                                          Entropy (8bit):5.31018302814502
                                                                          Encrypted:false
                                                                          SSDEEP:3:YWRAWNjYElWjoQW8PI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZnl4:YWyWNsEMjM8Bv31dB8wXwlmUUAnIMp5w
                                                                          MD5:436EDF2696E5B0D828FD83DC35FCEC6E
                                                                          SHA1:B89B22C7EDDBB3000E059241A89920BFCFE5E03C
                                                                          SHA-256:7CF954069D2996ED300E381DCE3B4812B6380406A98559D59968C8DC62D4B829
                                                                          SHA-512:EF264F746678D86213F6A689C699AAD7A3A608D5EDDCB656FDE1AD1033FE4236D4105D352A92C7D2B78CA798BFC038D60E6812CF1E8ADC4F4D7559041462326A
                                                                          Malicious:false
                                                                          Preview:{"sts":[{"expiry":1757154733.245645,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725618733.24565}],"version":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):0.8307038620100359
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLSOUOq0afDdWec9sJlAz7Nm2z8ZI7J5fc:T+OUzDbg3eAzA2ztc
                                                                          MD5:B18967139991D9CA13DF7E493540A358
                                                                          SHA1:97411C14A8503C11248BE7404C9A79BA5146D40C
                                                                          SHA-256:CCC36F21951B4CB357C57DA0CCA1FFF3B4C7027230C10FD8BCB72C0AFF66141F
                                                                          SHA-512:473AE1B215B181785EA65F87E34155D5976C7AD1FA487B025E1C8711BFD127E99066990105CDA8D6F4804459118361217455AB1644803D22E6ECB164EEEFD630
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):12525
                                                                          Entropy (8bit):5.208642218119727
                                                                          Encrypted:false
                                                                          SSDEEP:192:steJ99QTryDigabatSuyTsUasZihUkP3S8ubV+F1mQQA66WpaFIMYyPgYJ:stePGKSuEsUafhibG1RQx6WpaTYK
                                                                          MD5:23338876F937E429236B399AD71847BE
                                                                          SHA1:4D2852FFADE2EEEAC8AC56EC831F9FA74B4FE9B1
                                                                          SHA-256:C30B8905DA4E2A6ACCB91034EED22F1EDB721416D56C10396F601B40D11C8402
                                                                          SHA-512:486A962FE111C9651D2560D879A2EDD2C43EAAFE6996DAD1EC97C5B173C15C7A064C5183CAEAE95316E6327C489E862AC92F096D0B04D4730F8C2909EF2D6433
                                                                          Malicious:false
                                                                          Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370092323935528","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:modified
                                                                          Size (bytes):83572
                                                                          Entropy (8bit):5.66401295529905
                                                                          Encrypted:false
                                                                          SSDEEP:1536:ZL0/Ry7vm2lhq4ljc+PjfOzBu+RMDVogUlcPCcBjjmny8dLA8j7baD7:ZL6yLm2fq4pc+rCAogU2CcBjj3YAg7mn
                                                                          MD5:9F1BFA4FD49BC89108499DDE881A8082
                                                                          SHA1:31F5EDD3F886FDF97EF425C768C74E069CB3DD2F
                                                                          SHA-256:F5E6B5D6F0D5D0D7DFD2DB050B0143CF3583B7DA5E5BB4677AC1F931803B2949
                                                                          SHA-512:3FF2A910AC506F0477E892DC6814C9308CB27DDE06E27DE64254248DD6B75E412AB8ABFF5B9618146620D72050B57EF7352C3027136A54B81610AF59BFD9909F
                                                                          Malicious:false
                                                                          Preview:...m.................DB_VERSION.1xp.j...............(QUERY_TIMESTAMP:product_category_en1.*.*.13370092333720572..QUERY:product_category_en1.*.*..[{"name":"product_category_en","url":"https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories","version":{"major":1,"minor":0,"patch":0},"hash":"r2jWYy3aqoi3+S+aPyOSfXOCPeLSy5AmAjNHvYRv9Hg=","size":82989}]...yg~..............!ASSET_VERSION:product_category_en.1.0.0..ASSET:product_category_en...."..3....Car & Garage..Belts & Hoses.#..+....Sports & Outdoors..Air Pumps.!.."....Car & Garage..Body Styling.4..5./..Gourmet Food & Chocolate..Spices & Seasonings.'..,."..Sports & Outdoors..Sleeping Gear.!..6....Lawn & Garden..Hydroponics.9.a.5..Books & Magazines. Gay & Lesbian Interest Magazines....+....Office Products..Pins.,..3.'..Kitchen & Housewares..Coffee Grinders.$..#....Computing..Enterprise Servers.#..&....Home Furnishings..Footboards.6...2..Books & Magazines..Computer & Internet Magazines.)..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):16
                                                                          Entropy (8bit):3.2743974703476995
                                                                          Encrypted:false
                                                                          SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                          MD5:46295CAC801E5D4857D09837238A6394
                                                                          SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                          SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                          SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                          Malicious:false
                                                                          Preview:MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):309
                                                                          Entropy (8bit):5.174565228658869
                                                                          Encrypted:false
                                                                          SSDEEP:6:PIdeq1923oH+TcwtgctZQInvB2KLllJH+q2P923oH+TcwtgctZQInvIFUv:PFfYebgGZznvFLnJev4YebgGZznQFUv
                                                                          MD5:B84EF120A6CDC4395C854FE2090A8AA4
                                                                          SHA1:05BA95E3FDED5A9679E3D689D75F98E942755D1C
                                                                          SHA-256:F4DF7619D56A265DAEEDB5D06BFB61E18320FCC397277D37DC6D9E10A490C979
                                                                          SHA-512:B623D40FDA0BE57A725DEB39371278BC382CFA763F9515F7E78EEFC5C3388745FDDE9253F6977AF62EDFBB1E11480C9FA8B29BFC5CB09954E8415FC81A593112
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:12.661 1c88 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db since it was missing..2024/09/06-06:32:12.918 1c88 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db/MANIFEST-000001.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:OpenPGP Secret Key
                                                                          Category:dropped
                                                                          Size (bytes):41
                                                                          Entropy (8bit):4.704993772857998
                                                                          Encrypted:false
                                                                          SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                          MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                          SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                          SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                          SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                          Malicious:false
                                                                          Preview:.|.."....leveldb.BytewiseComparator......
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):35445
                                                                          Entropy (8bit):5.55822045177703
                                                                          Encrypted:false
                                                                          SSDEEP:768:7pTv0/WPA2fPI8F1+UoAYDCx9Tuqh0VfUC9xbog/OV/wKS0rwJhRRqKpLtuX:7pTv0/WPA2fPIu1jasdStJhRQatQ
                                                                          MD5:70D46D4D3CE262C0D8C437E0CCE76872
                                                                          SHA1:DE8D276F590771DB69282C9066FBF38FC44AD0B0
                                                                          SHA-256:2F051EE5681BD78239310A9DE1165103AE7FC4C1A6273CF7FC3817A1CB4D4BDF
                                                                          SHA-512:89C7D57343B82CC451C51D99C2ADCF81CCB552192AE54D65C1AC0AD9F725F63CD83E76C0A8ACF697D58FC75BAADEF43C622522D156F34EA088415190DFC17D40
                                                                          Malicious:false
                                                                          Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370092323291553","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370092323291553","location":5,"ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):440
                                                                          Entropy (8bit):4.6285291749063635
                                                                          Encrypted:false
                                                                          SSDEEP:12:S+a8ljljljljlePXUiUG7ES+C14Q3iUG7E3nGz3A/XkAvkAvkAv:Ra0ZZZZCXU3ij7B3imG0Xk8k8k8
                                                                          MD5:46CBF8B5B01D4C41F1C7350352243568
                                                                          SHA1:E31E5D0384B68A50555B66749A98B3E0275CB326
                                                                          SHA-256:3C4DF48D70652547DF8648BB18CBA77E127AA230F1606C3532D473F07361F344
                                                                          SHA-512:FCB203DF6EAD2308CE1F5546538C773A6250CB4B022F31716C417AB756AEA49DAB013FA20E43016FCF77355F3A125BC359FB15AAD84E1E4417F947D8C083C7BA
                                                                          Malicious:false
                                                                          Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f................p..j................next-map-id.1.Knamespace-9e0ac7c8_65a2_46a3_a123_5ed5780734f3-https://accounts.google.com/.0.4..k................next-map-id.2.Lnamespace-9e0ac7c8_65a2_46a3_a123_5ed5780734f3-https://accounts.youtube.com/.1. .................. .................. .................. .................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):324
                                                                          Entropy (8bit):5.132575914780509
                                                                          Encrypted:false
                                                                          SSDEEP:6:Pxo+aq2P923oH+TcwtrQMxIFUt82xo9Zmw+2xoSzkwO923oH+TcwtrQMFLJ:Px3av4YebCFUt82xQ/+2xN5LYebtJ
                                                                          MD5:3623005E5F0EA245B88B0DABC0B3D9AB
                                                                          SHA1:1DE5B5935F56C0C86216D50C1CB42DBB857ADCF0
                                                                          SHA-256:F97DE284A16B6ECDC7B2119A4F04F3C5FD6C24BAD3615D51A312575DD81B254F
                                                                          SHA-512:1F1A5FB590A0C4AFF4A6F662E06B6FDBD77C7D270256C5FDD1FB3E4D65996CE4DC3F90E53E11DCE729FBFAAC25AB1F8B2978C08BC02D2E0057054E1F3E5DC072
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:03.914 1e84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/06-06:32:03.915 1e84 Recovering log #3.2024/09/06-06:32:03.918 1e84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):7929
                                                                          Entropy (8bit):4.177992651985642
                                                                          Encrypted:false
                                                                          SSDEEP:192:3ne30eSq3P2Z98x/SX3P2Z98lSpew3c1mr:O3L2Z98E2Z98+q
                                                                          MD5:F1F27B8200497811317289F3D8330977
                                                                          SHA1:5D2954DF2E2F11AD30FB61E5A899E26EF0EFC9E7
                                                                          SHA-256:75E9CED61DAD81ECF15CB9808391DCFAF9B44F624F8FF4D63391EACFC300F9DD
                                                                          SHA-512:3D97EF19B622EFDD3CB8FB576FEEA13933690AF07D3D206C9902D2A1FB5D80A4FE477A642AF362A06A5FFEFBDEF2EB395DAEE005182ABF589CF396FE499EAD6A
                                                                          Malicious:false
                                                                          Preview:SNSS................................"........................................................!.............................................1..,.......$...9e0ac7c8_65a2_46a3_a123_5ed5780734f3...........................................................................................5..0.......&...{98952893-68FF-4A5D-A164-705C709ED3DB}......................................................................o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium....117.....Google Chrome.......117.........Not;A=Brand.....8.0.0.0.....Chromium....117.0.5938.132......Google Chrome.......117.0.5938.132......117.0.5938.132......Windows.....10.0.0......x86.............64...........................................o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium...
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):0.44194574462308833
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                          MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                          SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                          SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                          SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                          Malicious:false
                                                                          Preview:SQLite format 3
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):352
                                                                          Entropy (8bit):5.0978507546518586
                                                                          Encrypted:false
                                                                          SSDEEP:6:PxiLYUq2P923oH+Tcwt7Uh2ghZIFUt82xiAXZmw+2xiAFkwO923oH+Tcwt7Uh2gd:PxiLv4YebIhHh2FUt82xiM/+2xis5LYz
                                                                          MD5:B6873BC68C503A81A6D01950EF8A7D0D
                                                                          SHA1:9DEAC0086B91BD6FE89B928A3559B271AAEED367
                                                                          SHA-256:EDA1B58E40779B848BAFA85B9433E8D3814074E42224F8E470A033276E91F414
                                                                          SHA-512:69CF52908CCA939BE989B272B935D6433139C2ACC24E5129055DAB00E6E15F124FF6E273DB4E72ADC058F24D3DAC0E90A566767256037A072AC5C28C2EEDD923
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:03.359 1d60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/06-06:32:03.362 1d60 Recovering log #3.2024/09/06-06:32:03.362 1d60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):0.0012471779557650352
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):270336
                                                                          Entropy (8bit):0.0012471779557650352
                                                                          Encrypted:false
                                                                          SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                          MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                          SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                          SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                          SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):434
                                                                          Entropy (8bit):5.238993034184569
                                                                          Encrypted:false
                                                                          SSDEEP:12:P1kv4YebvqBQFUt8214T/+21Ijz5LYebvqBvJ:tO4YebvZg8k4xIBLYebvk
                                                                          MD5:9B773931A687E85CD025EF94AA256327
                                                                          SHA1:C678954B81502404728CE9ED35450B4B664414A8
                                                                          SHA-256:9C01A63D698A3D0292EC4B9E6FFBB5693FDC77EC78BF91BC7BA9DF26D5498C92
                                                                          SHA-512:D3146C053AA22048E1E367C5DA1A15E0C4E93B021CCDFB52CEF02546E691BD5CB8A4AE4CEF53E31617082BFC2ABF63A4F6106CDD6EB63AE976471BC6FEB6624C
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:04.177 1e84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/06-06:32:04.178 1e84 Recovering log #3.2024/09/06-06:32:04.181 1e84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):434
                                                                          Entropy (8bit):5.238993034184569
                                                                          Encrypted:false
                                                                          SSDEEP:12:P1kv4YebvqBQFUt8214T/+21Ijz5LYebvqBvJ:tO4YebvZg8k4xIBLYebvk
                                                                          MD5:9B773931A687E85CD025EF94AA256327
                                                                          SHA1:C678954B81502404728CE9ED35450B4B664414A8
                                                                          SHA-256:9C01A63D698A3D0292EC4B9E6FFBB5693FDC77EC78BF91BC7BA9DF26D5498C92
                                                                          SHA-512:D3146C053AA22048E1E367C5DA1A15E0C4E93B021CCDFB52CEF02546E691BD5CB8A4AE4CEF53E31617082BFC2ABF63A4F6106CDD6EB63AE976471BC6FEB6624C
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:04.177 1e84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/06-06:32:04.178 1e84 Recovering log #3.2024/09/06-06:32:04.181 1e84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:modified
                                                                          Size (bytes):144
                                                                          Entropy (8bit):4.842082263530856
                                                                          Encrypted:false
                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                          MD5:ABE81C38891A875B52127ACE9C314105
                                                                          SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                          SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                          SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):144
                                                                          Entropy (8bit):4.842082263530856
                                                                          Encrypted:false
                                                                          SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                          MD5:ABE81C38891A875B52127ACE9C314105
                                                                          SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                          SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                          SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                          Malicious:false
                                                                          Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2
                                                                          Entropy (8bit):1.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:H:H
                                                                          MD5:D751713988987E9331980363E24189CE
                                                                          SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                          SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                          SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                          Malicious:false
                                                                          Preview:[]
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):40
                                                                          Entropy (8bit):4.1275671571169275
                                                                          Encrypted:false
                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                          Malicious:false
                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                          Category:dropped
                                                                          Size (bytes):36864
                                                                          Entropy (8bit):0.3886039372934488
                                                                          Encrypted:false
                                                                          SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                          MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                          SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                          SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                          SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):40
                                                                          Entropy (8bit):4.1275671571169275
                                                                          Encrypted:false
                                                                          SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                          MD5:20D4B8FA017A12A108C87F540836E250
                                                                          SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                          SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                          SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                          Malicious:false
                                                                          Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):80
                                                                          Entropy (8bit):3.4921535629071894
                                                                          Encrypted:false
                                                                          SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                          MD5:69449520FD9C139C534E2970342C6BD8
                                                                          SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                          SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                          SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                          Malicious:false
                                                                          Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):422
                                                                          Entropy (8bit):5.231891623006914
                                                                          Encrypted:false
                                                                          SSDEEP:12:PtqOv4YebvqBZFUt82trZ/+2ta5LYebvqBaJ:sM4Yebvyg880LYebvL
                                                                          MD5:0652725652516B1002099B9E10E22983
                                                                          SHA1:BBB45166CD5C7EE1CA61A2FCCC48E70272BE65C0
                                                                          SHA-256:7F6C6682EDA59C0A0294683A2E0576105385F1EC96A491EA764D31E2D3DF1939
                                                                          SHA-512:64CB901E5DC037204B2DE783DC5494EAB07435F86BE95505FC5E0819E9E20D8B3AE74F954C33FD847EA05E7BA60A693D50B399AF2B95FF7C90650B485FB51449
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:21.052 1e84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/06-06:32:21.053 1e84 Recovering log #3.2024/09/06-06:32:21.056 1e84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):422
                                                                          Entropy (8bit):5.231891623006914
                                                                          Encrypted:false
                                                                          SSDEEP:12:PtqOv4YebvqBZFUt82trZ/+2ta5LYebvqBaJ:sM4Yebvyg880LYebvL
                                                                          MD5:0652725652516B1002099B9E10E22983
                                                                          SHA1:BBB45166CD5C7EE1CA61A2FCCC48E70272BE65C0
                                                                          SHA-256:7F6C6682EDA59C0A0294683A2E0576105385F1EC96A491EA764D31E2D3DF1939
                                                                          SHA-512:64CB901E5DC037204B2DE783DC5494EAB07435F86BE95505FC5E0819E9E20D8B3AE74F954C33FD847EA05E7BA60A693D50B399AF2B95FF7C90650B485FB51449
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:21.052 1e84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/06-06:32:21.053 1e84 Recovering log #3.2024/09/06-06:32:21.056 1e84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):328
                                                                          Entropy (8bit):5.202911691515368
                                                                          Encrypted:false
                                                                          SSDEEP:6:PxbHX9+q2P923oH+TcwtpIFUt82xxJZmw+2xi9VkwO923oH+Tcwta/WLJ:Pxb34v4YebmFUt82xxJ/+2xiD5LYebaQ
                                                                          MD5:4838188EE4F25119D127ACFDFD06FB4D
                                                                          SHA1:BB050F95AED73A7B1821FAE6C82786272DC325BD
                                                                          SHA-256:7FF0F6562C4583B4FAB18691EFD0EEE2D8B0F345CD4908D47FB1C9C792DDAEA0
                                                                          SHA-512:AA2802E88ADFA7F8980F49FEB125833C224B387663B948116BF05292F7DCFBF05169F9C39162F96331FB1E18A5A09336F59C0072CBA876BEDD338D2F485C8AF5
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:03.430 1db8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/06-06:32:03.432 1db8 Recovering log #3.2024/09/06-06:32:03.433 1db8 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):131072
                                                                          Entropy (8bit):0.005411199455449947
                                                                          Encrypted:false
                                                                          SSDEEP:3:ImtVF+R5I/TGl/LAPll:IiVEYKt
                                                                          MD5:D4459047F188FD5269A26C578EFE2BDF
                                                                          SHA1:732B8FEED26A9708276A49CCFAC2CDCDEF461E8B
                                                                          SHA-256:2152F7C3B8D59C8B25CFF09423A007CA63EFB423E2F35D62FAC22EBE400813B5
                                                                          SHA-512:95A14885C46093A8F7A96AE7051CFDCC0A1103FFC4D017825561179E3C80E5371E3EE8252FB5D5464CC3F466EDF361357B6E086143A88DE28F5B6CA3A080B468
                                                                          Malicious:false
                                                                          Preview:VLnk.....?......?......+................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                          Category:dropped
                                                                          Size (bytes):196608
                                                                          Entropy (8bit):1.2650391452486103
                                                                          Encrypted:false
                                                                          SSDEEP:384:8/2qOB1nxCkMdtSAELyKOMq+8yC8F/YfU5m+OlTLVumn:Bq+n0JH9ELyKOMq+8y9/Owo
                                                                          MD5:AC75F0FA71CAF5CFB6D05947899B9C0E
                                                                          SHA1:252A6689681FFA12275E3A10BF490D1DBB572519
                                                                          SHA-256:37620B9B9DFB465C68203173001564330D0FB0871A5150AE339984804A2DAACE
                                                                          SHA-512:7381A16492EB5FADE490AD9B134DB428D7D82242A8A8756E7B13F822A20F2EA263259343F5E8356278F92D47D06D76311211E9F92A8D7748EF17F54FE966C03E
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ .......[...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 11
                                                                          Category:dropped
                                                                          Size (bytes):14336
                                                                          Entropy (8bit):1.414852671633689
                                                                          Encrypted:false
                                                                          SSDEEP:48:fK3tjkSdj5IUltGhp22iSBg92RydJM7cLr72RydJMhxj/:ftSjGhp22iS1S5L+SY
                                                                          MD5:9731690E49B2E685A3BD41FFE3EEAC29
                                                                          SHA1:69EDC53097238F64C1F527C4BBA5059B7F3B1E96
                                                                          SHA-256:57D0307EE5B1E935FEFF5C2133E9B76CC55D54732A993943AB8A3EEF01B7FB58
                                                                          SHA-512:E9479A55B2190485AB74576AC873E776EBBA70953FF6E05D233EB85DD86D2E23BC09CD8E1879389F5828824A017CC8E8E628B38B2F0DEC78804165DA8E5B015D
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................j..................n..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):40960
                                                                          Entropy (8bit):0.41235120905181716
                                                                          Encrypted:false
                                                                          SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                          MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                          SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                          SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                          SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):11755
                                                                          Entropy (8bit):5.190465908239046
                                                                          Encrypted:false
                                                                          SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                          MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                          SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                          SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                          SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                          Malicious:false
                                                                          Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):115717
                                                                          Entropy (8bit):5.183660917461099
                                                                          Encrypted:false
                                                                          SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                          MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                          SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                          SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                          SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                          Malicious:false
                                                                          Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                          Category:dropped
                                                                          Size (bytes):28672
                                                                          Entropy (8bit):0.3410017321959524
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                          MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                          SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                          SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                          SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                          Malicious:false
                                                                          Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):0.11518860779598714
                                                                          Encrypted:false
                                                                          SSDEEP:12:WtZM1WtZM1wpEjVl/PnnnnnnnnnnnnnnnvoQsUQo8AGS:WtOMtOKoPnnnnnnnnnnnnnnnvN3zd
                                                                          MD5:59A46EBAF665FC78A66AC35D5FB27E9E
                                                                          SHA1:AA11C2477E1EA7613CFB478E299E492311550B88
                                                                          SHA-256:D02D0186F2F3F7DCE966CA6C598E56D1AA0902CA950E7DE832424005615C8E4C
                                                                          SHA-512:32406E25117AD0C642CAE9DE0689E8D3E3C8EF52E8C002221B44776B9F6640ED458EE062B778D74AC0703EE3EB717D7A008242CE00728D016D6195F77203BE29
                                                                          Malicious:false
                                                                          Preview:..-.............]........_....%..4..}....3...`..-.............]........_....%..4..}....3...`........Y...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite Write-Ahead Log, version 3007000
                                                                          Category:dropped
                                                                          Size (bytes):383192
                                                                          Entropy (8bit):1.0833900071602256
                                                                          Encrypted:false
                                                                          SSDEEP:192:jt7/02b2oMqvQE7uco+3m8O7hfV29MVVYM56VRMwb6VsMLMb6V6MIOMb6VqMzVOV:G2TuO3mDlLNvdXjRZmlF+JWn11F7zZ
                                                                          MD5:047E265970065D6D0BF2F3AAAA0418D4
                                                                          SHA1:25577448DEA9BFFD1222E6E03CD440649F3A312B
                                                                          SHA-256:C8DD31B0513EFAC82B28DBD362A695398F714028570811E6E3E32C5186021C3D
                                                                          SHA-512:6784A9ACD37E87F8C4FF25181E1DB7DA6244E0CFF1CD797F1F794A7E0748521887D2E684EA0FD2ECFE1C6A29E3DFA1ECD3B09B1EB1E7BF51A1E10686A99F1353
                                                                          Malicious:false
                                                                          Preview:7....-...........4..}...8.?L.0.........4..}........C.SQLite format 3......@ ..........................................................................j.............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:modified
                                                                          Size (bytes):723
                                                                          Entropy (8bit):3.203426471149134
                                                                          Encrypted:false
                                                                          SSDEEP:12:Wlc8NOuuuuuuuuuuuuuuuuuuuuuuuO8IU:iD
                                                                          MD5:45459622F1C97E87902C3014319294DE
                                                                          SHA1:B547EEC49A55D97136D0C0E1AF4AFDCA69BA286C
                                                                          SHA-256:A27C5AE453CB940AE355846824DA4A5E66372A5A4514F47F43770274529D962E
                                                                          SHA-512:7A62378232D7411E7C8BA740B8FDD1D00D5575EEED15FE67A2AC88C35C7861588609C567F0865A0CFF4A9EDAD80B3CBE0BE5DC8E1F71D55EA764F89384B74652
                                                                          Malicious:false
                                                                          Preview:A..r.................20_1_1...1.,U.................20_1_1...1..}0................39_config..........6.....n ....1u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=...............u}.=.................1=0................39_config..........6.....n ....1V.e................V.e................V.e................V.e................V.e................
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):324
                                                                          Entropy (8bit):5.166548428668473
                                                                          Encrypted:false
                                                                          SSDEEP:6:PxoLYdlWM+q2P923oH+TcwtfrK+IFUt82xom1Zmw+2xowWMVkwO923oH+TcwtfrF:PxqYLL+v4Yeb23FUt82x1/+2xxLV5LYq
                                                                          MD5:07C14E0FE6AAC13E3A1D7A71494728E8
                                                                          SHA1:48E67CEAB40ACDA1557FD63100A7C2F34FA3BEB0
                                                                          SHA-256:AF6F3706A46A8BB36AA730C2D8FDE2902AFCD571C98B4A6F2E3653DF55EECE39
                                                                          SHA-512:3D2AC65424736EB5B45EC58FEE42355229865991BBC0E2AC8C323369DB5EED399461AA75DFD1412CDE7FD24DEA1621DA543E726A40A626E590C86FE31456735E
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:03.959 1dac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/09/06-06:32:03.960 1dac Recovering log #3.2024/09/06-06:32:03.960 1dac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):787
                                                                          Entropy (8bit):4.059252238767438
                                                                          Encrypted:false
                                                                          SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                                                                          MD5:D8D8899761F621B63AD5ED6DF46D22FE
                                                                          SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                                                                          SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                                                                          SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):342
                                                                          Entropy (8bit):5.175987411829505
                                                                          Encrypted:false
                                                                          SSDEEP:6:PxoZYLWM+q2P923oH+TcwtfrzAdIFUt82xopz1Zmw+2xoplWMVkwO923oH+TcwtS:PxvL+v4Yeb9FUt82xaZ/+2xalLV5LYe+
                                                                          MD5:4946F0E5A199478CA48E0AF590EA5169
                                                                          SHA1:B945046236FECBD59ACCB06E59A04B242E540D8A
                                                                          SHA-256:ADCD0AA4EF3E122A3B3E6553BDAA6E8106650688184802260B0FF0B680D442A6
                                                                          SHA-512:961CB128748DF752A608E65EAF0D4CE168C035C8A80F0D16150617E2E202B228180E9A6B3A941CC8C99860102158A977DAFD161CF112D83C8B4FB81CEEE2B263
                                                                          Malicious:false
                                                                          Preview:2024/09/06-06:32:03.953 1dac Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/09/06-06:32:03.954 1dac Recovering log #3.2024/09/06-06:32:03.954 1dac Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):120
                                                                          Entropy (8bit):3.32524464792714
                                                                          Encrypted:false
                                                                          SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                          MD5:A397E5983D4A1619E36143B4D804B870
                                                                          SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                          SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                          SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                          Malicious:false
                                                                          Preview:C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.\.A.p.p.l.i.c.a.t.i.o.n.\.m.s.e.d.g.e...e.x.e.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):13
                                                                          Entropy (8bit):2.7192945256669794
                                                                          Encrypted:false
                                                                          SSDEEP:3:NYLFRQI:ap2I
                                                                          MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                          SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                          SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                          SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                          Malicious:false
                                                                          Preview:117.0.2045.47
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):44137
                                                                          Entropy (8bit):6.090718925828102
                                                                          Encrypted:false
                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBM7wuF9hDO6vP6O+6tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE36vtbz8hu3VlXr4CRo1
                                                                          MD5:3C1FDA2C59D9A0D8C2D368FEE6579205
                                                                          SHA1:894801E311F99D19666A155DE8E50AF657ED44ED
                                                                          SHA-256:2E8D8E93F78A77083768BB27CA3F610BD59869EE6E0548A4785EFCC468A837F5
                                                                          SHA-512:62980C698BE9A8B05122C70AE3580CCFB2C292C2B7D4239C4A818931811A2B3646AC37CD2D28CD6058B5BE1D77B37954A579F4A79A9D045CD2A2D5FB59BABAA0
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                          Category:dropped
                                                                          Size (bytes):20480
                                                                          Entropy (8bit):0.5963118027796015
                                                                          Encrypted:false
                                                                          SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                                                          MD5:48A6A0713B06707BC2FE9A0F381748D3
                                                                          SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                                                          SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                                                          SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):47
                                                                          Entropy (8bit):4.3818353308528755
                                                                          Encrypted:false
                                                                          SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                          MD5:48324111147DECC23AC222A361873FC5
                                                                          SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                          SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                          SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                          Malicious:false
                                                                          Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):35
                                                                          Entropy (8bit):4.014438730983427
                                                                          Encrypted:false
                                                                          SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                          MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                          SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                          SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                          SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                          Malicious:false
                                                                          Preview:{"forceServiceDetermination":false}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):50
                                                                          Entropy (8bit):3.9904355005135823
                                                                          Encrypted:false
                                                                          SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                          MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                          SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                          SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                          SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                          Malicious:false
                                                                          Preview:topTraffic_170540185939602997400506234197983529371
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):575056
                                                                          Entropy (8bit):7.999649474060713
                                                                          Encrypted:true
                                                                          SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                          MD5:BE5D1A12C1644421F877787F8E76642D
                                                                          SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                          SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                          SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):86
                                                                          Entropy (8bit):4.3751917412896075
                                                                          Encrypted:false
                                                                          SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                          MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                          SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                          SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                          SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                          Malicious:false
                                                                          Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):45975
                                                                          Entropy (8bit):6.088076423900679
                                                                          Encrypted:false
                                                                          SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4p99HLjhDO6vP6OletGOjjM+0y3qr3PFDrUT8Y9VQavCAk:mMGQ5XMBm99k6Ejjz9yavRobhu3VlXrY
                                                                          MD5:8B2FD2DE24CFC92DB313175F0A2852CF
                                                                          SHA1:A9F3AC553AE55E3573CC09B71770A208E71A989B
                                                                          SHA-256:906FF6900B798C6494A2F893F139CCA997AAF1B20B52753719A126E9C98F8FFF
                                                                          SHA-512:1229B8FB79BD26BEB332177139B6C1A83E8C260026CFD0A0EC5DF4E6E1ACD27657AFCA335B9CFAD97EEBD0B7B21171B2A6E53DD85A04D80278D7BA5450587DB8
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):44137
                                                                          Entropy (8bit):6.090718925828102
                                                                          Encrypted:false
                                                                          SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBM7wuF9hDO6vP6O+6tbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynE36vtbz8hu3VlXr4CRo1
                                                                          MD5:3C1FDA2C59D9A0D8C2D368FEE6579205
                                                                          SHA1:894801E311F99D19666A155DE8E50AF657ED44ED
                                                                          SHA-256:2E8D8E93F78A77083768BB27CA3F610BD59869EE6E0548A4785EFCC468A837F5
                                                                          SHA-512:62980C698BE9A8B05122C70AE3580CCFB2C292C2B7D4239C4A818931811A2B3646AC37CD2D28CD6058B5BE1D77B37954A579F4A79A9D045CD2A2D5FB59BABAA0
                                                                          Malicious:false
                                                                          Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):2278
                                                                          Entropy (8bit):3.8506909094682475
                                                                          Encrypted:false
                                                                          SSDEEP:48:uiTrlKxrgxTtxl9Il8uEuXPafTWUPTl55lo90Nd1rc:m8Y9PafTWUPJFw0W
                                                                          MD5:A3E6DC0378A85CA06D61AEE09005E87B
                                                                          SHA1:1B36AC3F32F1A58698E1C39F80F0A1F185AB8B45
                                                                          SHA-256:1F924A903A74CA8002914E5CC1EF6038CE1FB1FA53225D7AA4BE23A47AB70B8D
                                                                          SHA-512:8CB0D4FC1A4BE56626F8F078511FD988BBB5E54300E3BA479268BA2500FE9CC7625CDB10873E34B37395893CDB5A5CFE40762CDB6F54C54BE44A03896BFA96B7
                                                                          Malicious:false
                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.N.V.q.Z.1.A.A.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.M.9.+.K.2.v.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):4622
                                                                          Entropy (8bit):3.998008016021337
                                                                          Encrypted:false
                                                                          SSDEEP:96:SYR/jDPtOKWu4oTWI8FAUbiAcr2JE9Jb44:Sa2pcrvY4
                                                                          MD5:B163084B739A60195251C0AF6A36FA4B
                                                                          SHA1:66F45EFC543A3F0E98EFD8859BFDBA7B91FBA03F
                                                                          SHA-256:B2F2A98981B0FB3ABE585F042FF5DF4CDEC0000AB1EC1728C1A748B4E26A8671
                                                                          SHA-512:BBB7545962213E5359434F94FB7AE96444E0BEEAE33BE138A4F38FF9E822771C4E226FB25EF3B0D9F2AF4E0A3B167269BD3556DCD62C1694BC2B59B42BAE8CB5
                                                                          Malicious:false
                                                                          Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".U.3.M.b.T.U.g.A.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.R.g.V.I.l.e.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                          Category:dropped
                                                                          Size (bytes):206855
                                                                          Entropy (8bit):7.983996634657522
                                                                          Encrypted:false
                                                                          SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                          MD5:788DF0376CE061534448AA17288FEA95
                                                                          SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                          SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                          SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:very short file (no magic)
                                                                          Category:dropped
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:L:L
                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                          Malicious:false
                                                                          Preview:.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Google Chrome extension, version 3
                                                                          Category:dropped
                                                                          Size (bytes):11185
                                                                          Entropy (8bit):7.951995436832936
                                                                          Encrypted:false
                                                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
                                                                          Category:dropped
                                                                          Size (bytes):76321
                                                                          Entropy (8bit):7.996057445951542
                                                                          Encrypted:true
                                                                          SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6wpGzxue:GdS8scZNzFrMa4M+lK5/nXexue
                                                                          MD5:D7A1AC56ED4F4D17DD0524C88892C56D
                                                                          SHA1:4153CA1A9A4FD0F781ECD5BA9D2A1E68C760ECD4
                                                                          SHA-256:0A29576C4002D863B0C5AE7A0B36C0BBEB0FB9AFD16B008451D4142C07E1FF2B
                                                                          SHA-512:31503F2F6831070E887EA104296E17EE755BB6BBFB1EF2A15371534BFA2D3F0CD53862389625CF498754B071885A53E1A7F82A3546275DB1F4588E0E80BF7BEE
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 693860
                                                                          Category:dropped
                                                                          Size (bytes):524320
                                                                          Entropy (8bit):7.998183579848625
                                                                          Encrypted:true
                                                                          SSDEEP:12288:o1vng/BfmcGDwmyu0bCD7gdjz/H9mf+x4AsLXZ+E70G8OlmP6:Yng5eAmx1wjzPO+x4AsLXZbx8OJ
                                                                          MD5:3E0D12EEC94B5CCA3957EDEB958F233F
                                                                          SHA1:1FF43AD5872DEA0DFDACA8F204A152181853A1BA
                                                                          SHA-256:B2C42CF3065C50EE38954B8AB6EAA173FE162DC1260922B90FA90ABBBC2635A6
                                                                          SHA-512:A1E7894A7A5299A234970345E6435B54D2947089984531EA960B8AEF8660236AC416E7F8EE19D21E59EF4BC4298DEE461FE7E301E9C684DE96E2CD9D9E27C4FB
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:very short file (no magic)
                                                                          Category:dropped
                                                                          Size (bytes):1
                                                                          Entropy (8bit):0.0
                                                                          Encrypted:false
                                                                          SSDEEP:3:L:L
                                                                          MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                          SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                          SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                          SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                          Malicious:false
                                                                          Preview:.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2110
                                                                          Entropy (8bit):5.399290657201176
                                                                          Encrypted:false
                                                                          SSDEEP:48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854Rr3:8e2Fa116uCntc5toYxGIqM
                                                                          MD5:D2CE09B87DC5932FA9267992A700230F
                                                                          SHA1:E20500B0A436B3FB4C6D1380E1F0985DF6B8E205
                                                                          SHA-256:BACF00CE272948F31A36AA656AB0EAAF31EBCB43A554041F7F7BD427068354F4
                                                                          SHA-512:7BA04F3759A3281303DE55DD6D7908F49E8E2E304B80C2E8740ABE49F2A386485034BD984508BF29AB7E61FC50E2FE6DF010933B132D48FA5DFABEA609B40390
                                                                          Malicious:false
                                                                          Preview:{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Google Chrome extension, version 3
                                                                          Category:dropped
                                                                          Size (bytes):135751
                                                                          Entropy (8bit):7.804610863392373
                                                                          Encrypted:false
                                                                          SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                          MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                          SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                          SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                          SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                          Malicious:false
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                          Category:dropped
                                                                          Size (bytes):32768
                                                                          Entropy (8bit):0.4593089050301797
                                                                          Encrypted:false
                                                                          SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                          MD5:D910AD167F0217587501FDCDB33CC544
                                                                          SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                          SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                          SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                          Malicious:false
                                                                          Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                          Category:dropped
                                                                          Size (bytes):4982
                                                                          Entropy (8bit):7.929761711048726
                                                                          Encrypted:false
                                                                          SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                          MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                          SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                          SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                          SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):908
                                                                          Entropy (8bit):4.512512697156616
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                          MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                          SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                          SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                          SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1285
                                                                          Entropy (8bit):4.702209356847184
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAn6bfEpxtmqMI91ivWjm/6GcCIoToCZzlgkX/Mj:W6bMt3MITFjm/Pcd4oCZhg6k
                                                                          MD5:9721EBCE89EC51EB2BAEB4159E2E4D8C
                                                                          SHA1:58979859B28513608626B563138097DC19236F1F
                                                                          SHA-256:3D0361A85ADFCD35D0DE74135723A75B646965E775188F7DCDD35E3E42DB788E
                                                                          SHA-512:FA3689E8663565D3C1C923C81A620B006EA69C99FB1EB15D07F8F45192ED9175A6A92315FA424159C1163382A3707B25B5FC23E590300C62CBE2DACE79D84871
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "... ...".. },.. "explanationofflinedisabled": {.. "message": "..... .. .... Google ..... ........ ..... ..... .Google .... ... .. .. .. ..... .... ....... .. ....... ... .. .. ..... .. ..... ....".. },.. "explanationofflineenabled": {.. "message": "..... .. .... ... .. .... .... ..... .... ... ..... .... .....".. },.. "extdesc": {.. "message": "...... ..... .... ... .. ..... ...... ..... .... .. ..... . .... .. ...... .....".. },.. "extname": {.. "message": "..... .. Goog
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1244
                                                                          Entropy (8bit):4.5533961615623735
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgPCBxNhieFTr9ogjIxurIyJCCBxeh6wAZKn7uCSUhStuysUm+WCBhSueW1Y:1HAgJzoaC6VEn7Css8yoXzzd
                                                                          MD5:3EC93EA8F8422FDA079F8E5B3F386A73
                                                                          SHA1:24640131CCFB21D9BC3373C0661DA02D50350C15
                                                                          SHA-256:ABD0919121956AB535E6A235DE67764F46CFC944071FCF2302148F5FB0E8C65A
                                                                          SHA-512:F40E879F85BC9B8120A9B7357ED44C22C075BF065F45BEA42BD5316AF929CBD035D5D6C35734E454AEF5B79D378E51A77A71FA23F9EBD0B3754159718FCEB95C
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "..... ....".. },.. "explanationofflinedisabled": {.. "message": "... ... ...... ........ ....... Google ... ..... .......... ..... ... ......... .. ...... ........ ........ Google ..... ........ ... ..... .. ..... ....... .... .... .... ..........".. },.. "explanationofflineenabled": {.. "message": "... ... ...... .... .. .... ....... ..... ....... ....... .. ..... ..... ......".. },.. "extdesc": {.. "message": "..... ......... ...... ........ ....... ......... ........ ....... .. ... ... ..... .........".. },.. "extname": {.. "message": "....... Google ... ......".. },.. "learnmore": {.. "messa
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):977
                                                                          Entropy (8bit):4.867640976960053
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAWNjbwlmyuAoW32Md+80cVLdUSERHtRo3SjX:J3wlzs42m+8TV+S4H0CjX
                                                                          MD5:9A798FD298008074E59ECC253E2F2933
                                                                          SHA1:1E93DA985E880F3D3350FC94F5CCC498EFC8C813
                                                                          SHA-256:628145F4281FA825D75F1E332998904466ABD050E8B0DC8BB9B6A20488D78A66
                                                                          SHA-512:9094480379F5AB711B3C32C55FD162290CB0031644EA09A145E2EF315DA12F2E55369D824AF218C3A7C37DD9A276AEEC127D8B3627D3AB45A14B0191ED2BBE70
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3107
                                                                          Entropy (8bit):3.535189746470889
                                                                          Encrypted:false
                                                                          SSDEEP:48:YOWdTQ0QRk+QyJQAy6Qg4QWSe+QECTQLHQlQIfyQ0fnWQjQDrTQik+QvkZTQ+89b:GdTbyRvwgbCTEHQhyVues9oOT3rOCkV
                                                                          MD5:68884DFDA320B85F9FC5244C2DD00568
                                                                          SHA1:FD9C01E03320560CBBB91DC3D1917C96D792A549
                                                                          SHA-256:DDF16859A15F3EB3334D6241975CA3988AC3EAFC3D96452AC3A4AFD3644C8550
                                                                          SHA-512:7FF0FBD555B1F9A9A4E36B745CBFCAD47B33024664F0D99E8C080BE541420D1955D35D04B5E973C07725573E592CD0DD84FDBB867C63482BAFF6929ADA27CCDE
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"\u0421\u0422\u0412\u0410\u0420\u042b\u0426\u042c \u041d\u041e\u0412\u042b"},"explanationofflinedisabled":{"message":"\u0412\u044b \u045e \u043f\u0430\u0437\u0430\u0441\u0435\u0442\u043a\u0430\u0432\u044b\u043c \u0440\u044d\u0436\u044b\u043c\u0435. \u041a\u0430\u0431 \u043a\u0430\u0440\u044b\u0441\u0442\u0430\u0446\u0446\u0430 \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u043c\u0456 Google \u0431\u0435\u0437 \u043f\u0430\u0434\u043a\u043b\u044e\u0447\u044d\u043d\u043d\u044f \u0434\u0430 \u0456\u043d\u0442\u044d\u0440\u043d\u044d\u0442\u0443, \u043f\u0435\u0440\u0430\u0439\u0434\u0437\u0456\u0446\u0435 \u0434\u0430 \u043d\u0430\u043b\u0430\u0434 \u043d\u0430 \u0433\u0430\u043b\u043e\u045e\u043d\u0430\u0439 \u0441\u0442\u0430\u0440\u043e\u043d\u0446\u044b \u0414\u0430\u043a\u0443\u043c\u0435\u043d\u0442\u0430\u045e Google \u0456 \u045e\u043a\u043b\u044e\u0447\u044b\u0446\u0435 \u0441\u0456\u043d\u0445\u0440\u0430\u043d\u0456\u0437\u0430\u0446\u044b\u044e
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1389
                                                                          Entropy (8bit):4.561317517930672
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAp1DQqUfZ+Yann08VOeadclUZbyMzZzsYvwUNn7nOyRK8/nn08V7:g1UTfZ+Ya08Uey3tflCRE08h
                                                                          MD5:2E6423F38E148AC5A5A041B1D5989CC0
                                                                          SHA1:88966FFE39510C06CD9F710DFAC8545672FFDCEB
                                                                          SHA-256:AC4A8B5B7C0B0DD1C07910F30DCFBDF1BCB701CFCFD182B6153FD3911D566C0E
                                                                          SHA-512:891FCDC6F07337970518322C69C6026896DD3588F41F1E6C8A1D91204412CAE01808F87F9F2DEA1754458D70F51C3CEF5F12A9E3FC011165A42B0844C75EC683
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".........".. },.. "explanationofflinedisabled": {.. "message": "...... .... .. .. .......... Google ......... ... ........ ......, ........ ........... . ......... ........ .. Google ......... . ........ ...... .............. ......... ..., ...... ..... ...... . .........".. },.. "explanationofflineenabled": {.. "message": "...... ..., .. ... ...... .. ........... ......... ....... ... .. ......... .....".. },.. "extdesc": {.. "message": "............, .......... . ............ ...... ........., .......... ....... . ........... . ...... .... ... ...... .. .........".. },..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1763
                                                                          Entropy (8bit):4.25392954144533
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HABGtNOtIyHmVd+q+3X2AFl2DhrR7FAWS9+SMzI8QVAEq8yB0XtfOyvU7D:oshmm/+H2Ml2DrFPS9+S99EzBd7D
                                                                          MD5:651375C6AF22E2BCD228347A45E3C2C9
                                                                          SHA1:109AC3A912326171D77869854D7300385F6E628C
                                                                          SHA-256:1DBF38E425C5C7FC39E8077A837DF0443692463BA1FBE94E288AB5A93242C46E
                                                                          SHA-512:958AA7CF645FAB991F2ECA0937BA734861B373FB1C8BCC001599BE57C65E0917F7833A971D93A7A6423C5F54A4839D3A4D5F100C26EFA0D2A068516953989F9D
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".... .... ....".. },.. "explanationofflinedisabled": {.. "message": ".... ....... ....... .... ......... ..... ..... Google ........ ....... ...., Google .......... ........ ....... ... ... .... ... .... ... ........... .... ....... .... ... ...... ..... .... .....".. },.. "explanationofflineenabled": {.. "message": ".... ....... ......, ...... .... .... ...... .......... ........ .... .. .... .... .... .... .......".. },.. "extdesc":
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):930
                                                                          Entropy (8bit):4.569672473374877
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvggoSCBxNFT0sXuqgEHQ2fTq9blUJYUJaw9CBxejZFPLOjCSUuE44pMiiDat:1HAtqs+BEHGpURxSp1iUPWCAXtRKe
                                                                          MD5:D177261FFE5F8AB4B3796D26835F8331
                                                                          SHA1:4BE708E2FFE0F018AC183003B74353AD646C1657
                                                                          SHA-256:D6E65238187A430FF29D4C10CF1C46B3F0FA4B91A5900A17C5DFD16E67FFC9BD
                                                                          SHA-512:E7D730304AED78C0F4A78DADBF835A22B3D8114FB41D67B2B26F4FE938B572763D3E127B7C1C81EBE7D538DA976A7A1E7ADC40F918F88AFADEA2201AE8AB47D0
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):913
                                                                          Entropy (8bit):4.947221919047
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgdsbCBxNBmobXP15Dxoo60n40h6qCBxeBeGG/9jZCSUKFPDLZ2B2hCBhPLm:1HApJmoZ5e50nzQhwAd7dvYB2kDSGGKs
                                                                          MD5:CCB00C63E4814F7C46B06E4A142F2DE9
                                                                          SHA1:860936B2A500CE09498B07A457E0CCA6B69C5C23
                                                                          SHA-256:21AE66CE537095408D21670585AD12599B0F575FF2CB3EE34E3A48F8CC71CFAB
                                                                          SHA-512:35839DAC6C985A6CA11C1BFF5B8B5E59DB501FCB91298E2C41CB0816B6101BF322445B249EAEA0CEF38F76D73A4E198F2B6E25EEA8D8A94EA6007D386D4F1055
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):806
                                                                          Entropy (8bit):4.815663786215102
                                                                          Encrypted:false
                                                                          SSDEEP:12:YGo35xMxy6gLr4Dn1eBVa1xzxyn1VFQB6FDVgdAJex9QH7uy+XJEjENK32J21j:Y735+yoeeRG54uDmdXx9Q7u3r83Xj
                                                                          MD5:A86407C6F20818972B80B9384ACFBBED
                                                                          SHA1:D1531CD0701371E95D2A6BB5EDCB79B949D65E7C
                                                                          SHA-256:A482663292A913B02A9CDE4635C7C92270BF3C8726FD274475DC2C490019A7C9
                                                                          SHA-512:D9FBF675514A890E9656F83572208830C6D977E34D5744C298A012515BC7EB5A17726ADD0D9078501393BABD65387C4F4D3AC0CC0F7C60C72E09F336DCA88DE7
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):883
                                                                          Entropy (8bit):4.5096240460083905
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA4EFkQdUULMnf1yo+9qgpukAXW9bGJTvDyqdr:zEFkegfw9qwAXWNs/yu
                                                                          MD5:B922F7FD0E8CCAC31B411FC26542C5BA
                                                                          SHA1:2D25E153983E311E44A3A348B7D97AF9AAD21A30
                                                                          SHA-256:48847D57C75AF51A44CBF8F7EF1A4496C2007E58ED56D340724FDA1604FF9195
                                                                          SHA-512:AD0954DEEB17AF04858DD5EC3D3B3DA12DFF7A666AF4061DEB6FD492992D95DB3BAF751AB6A59BEC7AB22117103A93496E07632C2FC724623BB3ACF2CA6093F3
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1031
                                                                          Entropy (8bit):4.621865814402898
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA6sZnqWd77ykJzCkhRhoe1HMNaAJPwG/p98HKpy2kX/R:WZqWxykJzthRhoQma+tpyHX2O/R
                                                                          MD5:D116453277CC860D196887CEC6432FFE
                                                                          SHA1:0AE00288FDE696795CC62FD36EABC507AB6F4EA4
                                                                          SHA-256:36AC525FA6E28F18572D71D75293970E0E1EAD68F358C20DA4FDC643EEA2C1C5
                                                                          SHA-512:C788C3202A27EC220E3232AE25E3C855F3FDB8F124848F46A3D89510C564641A2DFEA86D5014CEA20D3D2D3C1405C96DBEB7CCAD910D65C55A32FDCA8A33FDD4
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1613
                                                                          Entropy (8bit):4.618182455684241
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAJKan4EITDZGoziRAc2Z8eEfkTJfLhGX7b0UBNoAcGpVyhxefSmuq:SKzTD0IK85JlwsGOUyaSk
                                                                          MD5:9ABA4337C670C6349BA38FDDC27C2106
                                                                          SHA1:1FC33BE9AB4AD99216629BC89FBB30E7AA42B812
                                                                          SHA-256:37CA6AB271D6E7C9B00B846FDB969811C9CE7864A85B5714027050795EA24F00
                                                                          SHA-512:8564F93AD8485C06034A89421CE74A4E719BBAC865E33A7ED0B87BAA80B7F7E54B240266F2EDB595DF4E6816144428DB8BE18A4252CBDCC1E37B9ECC9F9D7897
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):851
                                                                          Entropy (8bit):4.4858053753176526
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                          MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                          SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                          SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                          SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):851
                                                                          Entropy (8bit):4.4858053753176526
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                          MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                          SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                          SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                          SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):848
                                                                          Entropy (8bit):4.494568170878587
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                          MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                          SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                          SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                          SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1425
                                                                          Entropy (8bit):4.461560329690825
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                          MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                          SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                          SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                          SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                          Malicious:false
                                                                          Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):961
                                                                          Entropy (8bit):4.537633413451255
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                          MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                          SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                          SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                          SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):959
                                                                          Entropy (8bit):4.570019855018913
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                          MD5:535331F8FB98894877811B14994FEA9D
                                                                          SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                          SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                          SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):968
                                                                          Entropy (8bit):4.633956349931516
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                          MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                          SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                          SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                          SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):838
                                                                          Entropy (8bit):4.4975520913636595
                                                                          Encrypted:false
                                                                          SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                          MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                          SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                          SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                          SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1305
                                                                          Entropy (8bit):4.673517697192589
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                          MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                          SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                          SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                          SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):911
                                                                          Entropy (8bit):4.6294343834070935
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                          MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                          SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                          SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                          SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):939
                                                                          Entropy (8bit):4.451724169062555
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                          MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                          SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                          SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                          SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):977
                                                                          Entropy (8bit):4.622066056638277
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                          MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                          SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                          SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                          SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):972
                                                                          Entropy (8bit):4.621319511196614
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                          MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                          SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                          SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                          SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):990
                                                                          Entropy (8bit):4.497202347098541
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                          MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                          SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                          SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                          SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1658
                                                                          Entropy (8bit):4.294833932445159
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                          MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                          SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                          SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                          SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1672
                                                                          Entropy (8bit):4.314484457325167
                                                                          Encrypted:false
                                                                          SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                          MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                          SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                          SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                          SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):935
                                                                          Entropy (8bit):4.6369398601609735
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                          MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                          SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                          SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                          SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1065
                                                                          Entropy (8bit):4.816501737523951
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                          MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                          SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                          SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                          SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2771
                                                                          Entropy (8bit):3.7629875118570055
                                                                          Encrypted:false
                                                                          SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                          MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                          SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                          SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                          SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):858
                                                                          Entropy (8bit):4.474411340525479
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                          MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                          SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                          SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                          SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):954
                                                                          Entropy (8bit):4.631887382471946
                                                                          Encrypted:false
                                                                          SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                                                          MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                                                          SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                                                          SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                                                          SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):899
                                                                          Entropy (8bit):4.474743599345443
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                          MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                          SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                          SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                          SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2230
                                                                          Entropy (8bit):3.8239097369647634
                                                                          Encrypted:false
                                                                          SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                          MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                          SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                          SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                          SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1160
                                                                          Entropy (8bit):5.292894989863142
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                          MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                          SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                          SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                          SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3264
                                                                          Entropy (8bit):3.586016059431306
                                                                          Encrypted:false
                                                                          SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                          MD5:83F81D30913DC4344573D7A58BD20D85
                                                                          SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                          SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                          SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3235
                                                                          Entropy (8bit):3.6081439490236464
                                                                          Encrypted:false
                                                                          SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                          MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                          SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                          SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                          SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3122
                                                                          Entropy (8bit):3.891443295908904
                                                                          Encrypted:false
                                                                          SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                          MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                          SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                          SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                          SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1880
                                                                          Entropy (8bit):4.295185867329351
                                                                          Encrypted:false
                                                                          SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                                                          MD5:8E16966E815C3C274EEB8492B1EA6648
                                                                          SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                                                          SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                                                          SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1042
                                                                          Entropy (8bit):5.3945675025513955
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2535
                                                                          Entropy (8bit):3.8479764584971368
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1028
                                                                          Entropy (8bit):4.797571191712988
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):994
                                                                          Entropy (8bit):4.700308832360794
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2091
                                                                          Entropy (8bit):4.358252286391144
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2778
                                                                          Entropy (8bit):3.595196082412897
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1719
                                                                          Entropy (8bit):4.287702203591075
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):936
                                                                          Entropy (8bit):4.457879437756106
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):3830
                                                                          Entropy (8bit):3.5483353063347587
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1898
                                                                          Entropy (8bit):4.187050294267571
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):914
                                                                          Entropy (8bit):4.513485418448461
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):878
                                                                          Entropy (8bit):4.4541485835627475
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2766
                                                                          Entropy (8bit):3.839730779948262
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):978
                                                                          Entropy (8bit):4.879137540019932
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):907
                                                                          Entropy (8bit):4.599411354657937
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                          MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                          SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                          SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                          SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):914
                                                                          Entropy (8bit):4.604761241355716
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                          MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                          SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                          SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                          SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):937
                                                                          Entropy (8bit):4.686555713975264
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                          MD5:BED8332AB788098D276B448EC2B33351
                                                                          SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                          SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                          SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1337
                                                                          Entropy (8bit):4.69531415794894
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                          MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                          SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                          SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                          SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2846
                                                                          Entropy (8bit):3.7416822879702547
                                                                          Encrypted:false
                                                                          SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                          MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                          SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                          SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                          SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):934
                                                                          Entropy (8bit):4.882122893545996
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                          MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                          SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                          SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                          SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):963
                                                                          Entropy (8bit):4.6041913416245
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                          MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                          SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                          SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                          SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1320
                                                                          Entropy (8bit):4.569671329405572
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                          MD5:7F5F8933D2D078618496C67526A2B066
                                                                          SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                          SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                          SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):884
                                                                          Entropy (8bit):4.627108704340797
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                          MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                          SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                          SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                          SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):980
                                                                          Entropy (8bit):4.50673686618174
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                          MD5:D0579209686889E079D87C23817EDDD5
                                                                          SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                          SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                          SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1941
                                                                          Entropy (8bit):4.132139619026436
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                          MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                          SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                          SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                          SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1969
                                                                          Entropy (8bit):4.327258153043599
                                                                          Encrypted:false
                                                                          SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                          MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                          SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                          SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                          SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1674
                                                                          Entropy (8bit):4.343724179386811
                                                                          Encrypted:false
                                                                          SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                          MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                          SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                          SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                          SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1063
                                                                          Entropy (8bit):4.853399816115876
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                          MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                          SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                          SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                          SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1333
                                                                          Entropy (8bit):4.686760246306605
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                          MD5:970963C25C2CEF16BB6F60952E103105
                                                                          SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                          SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                          SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "........".. },.. "explanationofflinedisabled": {.. "message": ".. . ...... ....... ... ............. Google ........... ... ......... . .........., ......... . ............ .. ........ ........ Google .......... . ......... ......-............., .... ...... . .......".. },.. "explanationofflineenabled": {.. "message": ".. . ...... ......, ..... ... .... ...... .......... ........ ..... ... .......... .....".. },.. "extdesc": {.. "message": "........., ......... . ............ ........., .......... ....... .. ........... ... ....... .. ..........".. },.. "extname": {.. "message": "Goo
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1263
                                                                          Entropy (8bit):4.861856182762435
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                          MD5:8B4DF6A9281333341C939C244DDB7648
                                                                          SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                          SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                          SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "... ......".. },.. "explanationofflinedisabled": {.. "message": ".. .. .... .... Google Docs .. .... ....... ..... ....... .... ..... .... ... .. .. ....... .. ..... ... .. Google Docs ... ... .. ....... .. ..... ... .. .... ...... ..... .. .. .....".. },.. "explanationofflineenabled": {.. "message": ".. .. .... ... .... .. ... ... ...... ..... ... ..... .. .... ... .. ... ..... ... .... ....".. },.. "extdesc": {.. "message": ".......... .......... ... ....... . .... ... ....... .. ..... .. .... ...... ..... .... ... ..... .......".. },.. "extname": {.. "message": "Google Docs .. ....".. },.. "learnmore": {..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1074
                                                                          Entropy (8bit):5.062722522759407
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                          MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                          SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                          SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                          SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):879
                                                                          Entropy (8bit):5.7905809868505544
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                          MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                          SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                          SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                          SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": "..".. },.. "explanationofflinedisabled": {.. "message": "....................... Google ................ Google ....................".. },.. "explanationofflineenabled": {.. "message": ".............................".. },.. "extdesc": {.. "message": "...................... - ........".. },.. "extname": {.. "message": "Google .......".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "...............................".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1205
                                                                          Entropy (8bit):4.50367724745418
                                                                          Encrypted:false
                                                                          SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                          MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                          SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                          SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                          SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"\u5efa\u7acb\u65b0\u9805\u76ee"},"explanationofflinedisabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\u3002\u5982\u8981\u5728\u6c92\u6709\u4e92\u806f\u7db2\u9023\u7dda\u7684\u60c5\u6cc1\u4e0b\u4f7f\u7528\u300cGoogle \u6587\u4ef6\u300d\uff0c\u8acb\u524d\u5f80\u300cGoogle \u6587\u4ef6\u300d\u9996\u9801\u7684\u8a2d\u5b9a\uff0c\u4e26\u5728\u4e0b\u6b21\u9023\u63a5\u4e92\u806f\u7db2\u6642\u958b\u555f\u96e2\u7dda\u540c\u6b65\u529f\u80fd\u3002"},"explanationofflineenabled":{"message":"\u60a8\u8655\u65bc\u96e2\u7dda\u72c0\u614b\uff0c\u4f46\u60a8\u4ecd\u53ef\u4ee5\u7de8\u8f2f\u53ef\u7528\u6a94\u6848\u6216\u5efa\u7acb\u65b0\u6a94\u6848\u3002"},"extdesc":{"message":"\u7de8\u8f2f\u3001\u5efa\u7acb\u53ca\u67e5\u770b\u60a8\u7684\u6587\u4ef6\u3001\u8a66\u7b97\u8868\u548c\u7c21\u5831\uff0c\u5b8c\u5168\u4e0d\u9700\u4f7f\u7528\u4e92\u806f\u7db2\u3002"},"extname":{"message":"\u300cGoogle \u6587\u4ef6\u300d\u96e2\u7dda\u7248"},"learnmore":{"message":"\u77ad\u89e3\u8a
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):843
                                                                          Entropy (8bit):5.76581227215314
                                                                          Encrypted:false
                                                                          SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                          MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                          SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                          SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                          SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                          Malicious:false
                                                                          Preview:{.. "createnew": {.. "message": ".....".. },.. "explanationofflinedisabled": {.. "message": ".................. Google ................ Google .................".. },.. "explanationofflineenabled": {.. "message": ".........................".. },.. "extdesc": {.. "message": ".............................".. },.. "extname": {.. "message": "Google .....".. },.. "learnmore": {.. "message": "....".. },.. "popuphelptext": {.. "message": "................................".. }..}..
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):912
                                                                          Entropy (8bit):4.65963951143349
                                                                          Encrypted:false
                                                                          SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                          MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                          SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                          SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                          SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                          Malicious:false
                                                                          Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):11280
                                                                          Entropy (8bit):5.754230909218899
                                                                          Encrypted:false
                                                                          SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                                                          MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                                                          SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                                                          SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                                                          SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                                                          Malicious:false
                                                                          Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):854
                                                                          Entropy (8bit):4.284628987131403
                                                                          Encrypted:false
                                                                          SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                          MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                          SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                          SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                          SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                          Malicious:false
                                                                          Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):2525
                                                                          Entropy (8bit):5.417689528134667
                                                                          Encrypted:false
                                                                          SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                                                          MD5:10FF8E5B674311683D27CE1879384954
                                                                          SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                                                          SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                                                          SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                                                          Malicious:false
                                                                          Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:HTML document, ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):97
                                                                          Entropy (8bit):4.862433271815736
                                                                          Encrypted:false
                                                                          SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                          MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                          SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                          SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                          SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                          Malicious:false
                                                                          Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (4369)
                                                                          Category:dropped
                                                                          Size (bytes):95567
                                                                          Entropy (8bit):5.4016395763198135
                                                                          Encrypted:false
                                                                          SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                                                          MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                                                          SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                                                          SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                                                          SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                                                          Malicious:false
                                                                          Preview:'use strict';function aa(){return function(){}}function l(a){return function(){return this[a]}}var n;function ba(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ca="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var q=da(this);function r(a,b){if(b)a:{var c=q;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ca(c,a,{configurable:!0,writable:!0,value:b})}}.r("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):291
                                                                          Entropy (8bit):4.65176400421739
                                                                          Encrypted:false
                                                                          SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                          MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                          SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                          SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                          SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                          Malicious:false
                                                                          Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:ASCII text, with very long lines (4369)
                                                                          Category:dropped
                                                                          Size (bytes):103988
                                                                          Entropy (8bit):5.389407461078688
                                                                          Encrypted:false
                                                                          SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                                                          MD5:EA946F110850F17E637B15CF22B82837
                                                                          SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                                                          SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                                                          SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                                                          Malicious:false
                                                                          Preview:'use strict';function k(){return function(){}}function n(a){return function(){return this[a]}}var q;function aa(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}}var ba="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};.function da(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var r=da(this);function t(a,b){if(b)a:{var c=r;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];if(!(e in c))break a;c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&ba(c,a,{configurable:!0,writable:!0,value:b})}}.t("Symbol",function(a){function b(f){if(this instanceof b)throw new TypeError("Symbol is not a constructor");return new c(d+(f||"")+"_"+e++,f)}function c(f,g
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Google Chrome extension, version 3
                                                                          Category:dropped
                                                                          Size (bytes):135751
                                                                          Entropy (8bit):7.804610863392373
                                                                          Encrypted:false
                                                                          SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                          MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                          SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                          SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                          SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Google Chrome extension, version 3
                                                                          Category:dropped
                                                                          Size (bytes):11185
                                                                          Entropy (8bit):7.951995436832936
                                                                          Encrypted:false
                                                                          SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                          MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                          SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                          SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                          SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):1753
                                                                          Entropy (8bit):5.8889033066924155
                                                                          Encrypted:false
                                                                          SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                          MD5:738E757B92939B24CDBBD0EFC2601315
                                                                          SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                          SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                          SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                          Malicious:false
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):9815
                                                                          Entropy (8bit):6.1716321262973315
                                                                          Encrypted:false
                                                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                          MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                          SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                          SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                          SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                          Malicious:false
                                                                          Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                          Category:dropped
                                                                          Size (bytes):10388
                                                                          Entropy (8bit):6.174387413738973
                                                                          Encrypted:false
                                                                          SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                          MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                          SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                          SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                          SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                          Malicious:false
                                                                          Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                          Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):962
                                                                          Entropy (8bit):5.698567446030411
                                                                          Encrypted:false
                                                                          SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                          MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                          SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                          SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                          SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                          Malicious:false
                                                                          Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                          Category:dropped
                                                                          Size (bytes):453023
                                                                          Entropy (8bit):7.997718157581587
                                                                          Encrypted:true
                                                                          SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                          MD5:85430BAED3398695717B0263807CF97C
                                                                          SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                          SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                          SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                          Malicious:false
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):24
                                                                          Entropy (8bit):3.91829583405449
                                                                          Encrypted:false
                                                                          SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                          MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                          SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                          SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                          SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                          Malicious:false
                                                                          Preview:{"schema":6,"addons":[]}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                          Category:dropped
                                                                          Size (bytes):66
                                                                          Entropy (8bit):4.837595020998689
                                                                          Encrypted:false
                                                                          SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                          MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                          SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                          SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                          SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                          Malicious:false
                                                                          Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):36830
                                                                          Entropy (8bit):5.1867463390487
                                                                          Encrypted:false
                                                                          SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                                                                          MD5:98875950B62B398FFE70C0A8D0998017
                                                                          SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                                                                          SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                                                                          SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                                                                          Malicious:false
                                                                          Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1021904
                                                                          Entropy (8bit):6.648417932394748
                                                                          Encrypted:false
                                                                          SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                          MD5:FE3355639648C417E8307C6D051E3E37
                                                                          SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                          SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                          SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Joe Sandbox View:
                                                                          • Filename: file.exe, Detection: malicious
                                                                          • Filename: pud8g3zixE.exe, Detection: malicious
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1021904
                                                                          Entropy (8bit):6.648417932394748
                                                                          Encrypted:false
                                                                          SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                          MD5:FE3355639648C417E8307C6D051E3E37
                                                                          SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                          SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                          SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):116
                                                                          Entropy (8bit):4.968220104601006
                                                                          Encrypted:false
                                                                          SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                          MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                          SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                          SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                          SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                          Malicious:false
                                                                          Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):11225
                                                                          Entropy (8bit):5.510541915167697
                                                                          Encrypted:false
                                                                          SSDEEP:192:9nPOeRnHYbBp6RJ0aX+D6SEXKMYYkHWNBw8rFSl:ZPegJUGSlHEwY0
                                                                          MD5:1C40683D0A58F55E46CB3FF72039038D
                                                                          SHA1:8A3EAC1C2BE8D63F5127A2751B31F6834C9E681B
                                                                          SHA-256:8B37084F0E630900A6BC6795D284DE5FCEAA71EFB8860F26E5E79BF27E86B670
                                                                          SHA-512:B47E2FB018FCCEBB3BEE3BF9981CF4B3E09253A68A586FA168393426B980307AEBBC10CA76D9503C2223866732023086A114F8DBFC5A2DF6A33CD13447C18D56
                                                                          Malicious:false
                                                                          Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 1);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725623377);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725623377);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..u
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):493
                                                                          Entropy (8bit):4.958543224871762
                                                                          Encrypted:false
                                                                          SSDEEP:12:YZFgnlRgJMuIVHlW8cOlZGV1AQIYzvZcyBuLZGAvxn:YEWMuSlCOlZGV1AQIWZcy6ZXvx
                                                                          MD5:B6517B5B54E7C5EA76B07738591197D7
                                                                          SHA1:8807C4BCAF75070023E67011AF8BEFEEC3700635
                                                                          SHA-256:DB5B1C0C8C1A551DF16CF01277DEFCB73C016CE1505D177A7988E5A857E4F991
                                                                          SHA-512:95F0D724FE04F7FC4C99866ADC38073156EFB74AD5F2D38953F5AFB0D4327920ECC367644E44831E808CB3588059FD4BDD38AADB9C5D2B21F90EA9051B28AAE1
                                                                          Malicious:false
                                                                          Preview:{"type":"health","id":"89ea41f4-484d-4f67-9106-7e492f7b71d8","creationDate":"2024-09-06T11:50:09.451Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95"}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:modified
                                                                          Size (bytes):493
                                                                          Entropy (8bit):4.958543224871762
                                                                          Encrypted:false
                                                                          SSDEEP:12:YZFgnlRgJMuIVHlW8cOlZGV1AQIYzvZcyBuLZGAvxn:YEWMuSlCOlZGV1AQIWZcy6ZXvx
                                                                          MD5:B6517B5B54E7C5EA76B07738591197D7
                                                                          SHA1:8807C4BCAF75070023E67011AF8BEFEEC3700635
                                                                          SHA-256:DB5B1C0C8C1A551DF16CF01277DEFCB73C016CE1505D177A7988E5A857E4F991
                                                                          SHA-512:95F0D724FE04F7FC4C99866ADC38073156EFB74AD5F2D38953F5AFB0D4327920ECC367644E44831E808CB3588059FD4BDD38AADB9C5D2B21F90EA9051B28AAE1
                                                                          Malicious:false
                                                                          Preview:{"type":"health","id":"89ea41f4-484d-4f67-9106-7e492f7b71d8","creationDate":"2024-09-06T11:50:09.451Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"os":{"name":"WINNT","version":"10.0"},"reason":"immediate","sendFailure":{"eUnreachable":1}},"clientId":"1fca7bd2-7b44-4c45-b0ea-e0486850ce95"}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:JSON data
                                                                          Category:dropped
                                                                          Size (bytes):53
                                                                          Entropy (8bit):4.136624295551173
                                                                          Encrypted:false
                                                                          SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AY:Y9KQOy6Lb1BA+9
                                                                          MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A
                                                                          SHA1:B43BC4B3EA206A02EF8F63D5BFAD0C96BF2A3B2A
                                                                          SHA-256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
                                                                          SHA-512:076EE83534F42563046D25086166F82E1A3EC61840C113AEC67ABE2D8195DAA247D827D0C54E7E8F8A1BBF2D082A3763577587E84342EC160FF97905243E6D19
                                                                          Malicious:false
                                                                          Preview:{"profile-after-change":true,"final-ui-startup":true}
                                                                          Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          File Type:Mozilla lz4 compressed data, originally 301 bytes
                                                                          Category:dropped
                                                                          Size (bytes):271
                                                                          Entropy (8bit):5.481452210690357
                                                                          Encrypted:false
                                                                          SSDEEP:6:vXDvz2SzHs/udk+eDAWrZCMNRoGO/QqC5mcfnK3SIgCGJltVxv3JNzdDdCQ:vLz2S+EWDDoWqC5mcPK34nnxv3Rd9
                                                                          MD5:A13867B500131FC10BC27D09380AE466
                                                                          SHA1:DFA3C3F9251331701810501C701E72A918800727
                                                                          SHA-256:D61B90BC7E2AE64615A787597E5FE0C91E23008B853FFEF54F174EFA0CF732A7
                                                                          SHA-512:56E867212524550CB6C2F5F0FCB0E6AFC63D9D8B5E35D02365C40ED5FBA96D78143D74D66ABC7E2841E3D6ED6C7D8BFC3F950DBEE0007FEE20561C2C88EA6233
                                                                          Malicious:false
                                                                          Preview:mozLz40.-.....{"version":["ses....restore",1],"windows":[{"tab....],"selected":0,"_closedT..d_lastC...&GroupCount":-1,"busy":false,"chromeFlags":2150633470}d..W..5":1j..........@":{"w...Update":1725623364797,"startTim...#44544,"recentCrashes":0},"global":{},"cookies":[]}
                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                          Entropy (8bit):6.579574708015313
                                                                          TrID:
                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                          File name:file.exe
                                                                          File size:917'504 bytes
                                                                          MD5:df302225c2ef4a150c48fa19bfa69ef1
                                                                          SHA1:af90c0b4960217bc9d1b346edc7f98d583b1102a
                                                                          SHA256:784144d395ecab1d04ffaede56760329604f7989a258f3e75b3edc50d1400a47
                                                                          SHA512:5cafa55312f4b3b9912a9bc27a3384027705c96d18dfc9c34b89327a0dacf814bda0a63de8aa41c05c1861b6eed11950700f60e2ff1eec7a36f3e1b18e9faf56
                                                                          SSDEEP:12288:TqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarT3:TqDEvCTbMWu7rQYlBQcBiT6rprG8av3
                                                                          TLSH:4E159E0273D1C062FF9B92334B5AF6515BBC69260123E61F13A81DB9BE701B1563E7A3
                                                                          File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                          Icon Hash:aaf3e3e3938382a0
                                                                          Entrypoint:0x420577
                                                                          Entrypoint Section:.text
                                                                          Digitally signed:false
                                                                          Imagebase:0x400000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                          DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                          Time Stamp:0x66DACE02 [Fri Sep 6 09:40:18 2024 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:
                                                                          OS Version Major:5
                                                                          OS Version Minor:1
                                                                          File Version Major:5
                                                                          File Version Minor:1
                                                                          Subsystem Version Major:5
                                                                          Subsystem Version Minor:1
                                                                          Import Hash:948cc502fe9226992dce9417f952fce3
                                                                          Instruction
                                                                          call 00007FA4F0EBFC13h
                                                                          jmp 00007FA4F0EBF51Fh
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          push dword ptr [ebp+08h]
                                                                          mov esi, ecx
                                                                          call 00007FA4F0EBF6FDh
                                                                          mov dword ptr [esi], 0049FDF0h
                                                                          mov eax, esi
                                                                          pop esi
                                                                          pop ebp
                                                                          retn 0004h
                                                                          and dword ptr [ecx+04h], 00000000h
                                                                          mov eax, ecx
                                                                          and dword ptr [ecx+08h], 00000000h
                                                                          mov dword ptr [ecx+04h], 0049FDF8h
                                                                          mov dword ptr [ecx], 0049FDF0h
                                                                          ret
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          push dword ptr [ebp+08h]
                                                                          mov esi, ecx
                                                                          call 00007FA4F0EBF6CAh
                                                                          mov dword ptr [esi], 0049FE0Ch
                                                                          mov eax, esi
                                                                          pop esi
                                                                          pop ebp
                                                                          retn 0004h
                                                                          and dword ptr [ecx+04h], 00000000h
                                                                          mov eax, ecx
                                                                          and dword ptr [ecx+08h], 00000000h
                                                                          mov dword ptr [ecx+04h], 0049FE14h
                                                                          mov dword ptr [ecx], 0049FE0Ch
                                                                          ret
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          mov esi, ecx
                                                                          lea eax, dword ptr [esi+04h]
                                                                          mov dword ptr [esi], 0049FDD0h
                                                                          and dword ptr [eax], 00000000h
                                                                          and dword ptr [eax+04h], 00000000h
                                                                          push eax
                                                                          mov eax, dword ptr [ebp+08h]
                                                                          add eax, 04h
                                                                          push eax
                                                                          call 00007FA4F0EC22BDh
                                                                          pop ecx
                                                                          pop ecx
                                                                          mov eax, esi
                                                                          pop esi
                                                                          pop ebp
                                                                          retn 0004h
                                                                          lea eax, dword ptr [ecx+04h]
                                                                          mov dword ptr [ecx], 0049FDD0h
                                                                          push eax
                                                                          call 00007FA4F0EC2308h
                                                                          pop ecx
                                                                          ret
                                                                          push ebp
                                                                          mov ebp, esp
                                                                          push esi
                                                                          mov esi, ecx
                                                                          lea eax, dword ptr [esi+04h]
                                                                          mov dword ptr [esi], 0049FDD0h
                                                                          push eax
                                                                          call 00007FA4F0EC22F1h
                                                                          test byte ptr [ebp+08h], 00000001h
                                                                          pop ecx
                                                                          Programming Language:
                                                                          • [ C ] VS2008 SP1 build 30729
                                                                          • [IMP] VS2008 SP1 build 30729
| Name | Virtual Address | Virtual Size | Is in Section |
| --- | --- | --- | --- |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9500 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| .text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0xd4000 | 0x9500 | 0x9600 | 68f61a30d6ca22e914bccf8190a1da73 | False | 0.2811197916666667 | data | 5.161862005706169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| --- | --- | --- | --- | --- | --- | --- |
| RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216 |
| RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027 |
| RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135 |
| RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333 |
| RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5 |
| RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388 |
| RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524 |
| RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918 |
| RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727 |
| RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496 |
| RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227 |
| RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9 |
| RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333 |
| RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833 |
| RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534 |
| RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282 |
| RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336 |
| RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698 |
| RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186 |
| RT_RCDATA | 0xdc7b8 | 0x7c6 | data | | | 1.0055276381909548 |
| RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424 |
| RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25 |
| RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15 |
| RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25 |
| RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182 |
| RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823 |
| DLL | Import |
| --- | --- |
| WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect |
| VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW |
| WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW |
| COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create |
| MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W |
| WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable |
| PSAPI.DLL | GetProcessMemoryInfo |
| IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile |
| USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile |
| UxTheme.dll | IsThemeActive |
| KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW |
| USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient |
| GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath |
| COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW |
| ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW |
| SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW |
| ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket |
| OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture |
| Language of compilation system | Country where language is spoken | Map |
| --- | --- | --- |
| English | Great Britain | |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                          Sep 6, 2024 12:32:10.196171999 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.196190119 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.202522993 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.203757048 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.203778982 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.208688021 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.208764076 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.208782911 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.215645075 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.215732098 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.215748072 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.220876932 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.222759962 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.222779036 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.226684093 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.227798939 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.227816105 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.232165098 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.232367992 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.232377052 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.237786055 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.237858057 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.237883091 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.243124008 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.243221045 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.243226051 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.248670101 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.248769999 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.248774052 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.260768890 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.260802984 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.260833979 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.260874987 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.260883093 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.260912895 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.263580084 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.263757944 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.263767004 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.267359018 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.267421007 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.267426014 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.271290064 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.271425962 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.271430016 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.274818897 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.275172949 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.275177956 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.278104067 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.278155088 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.278160095 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.281696081 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.281749010 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.281754017 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.285129070 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.285185099 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.285190105 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.288603067 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.288913965 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.288918972 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.292175055 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.292249918 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.292254925 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.295537949 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.295588970 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.295593977 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.299385071 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.299453020 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.299458027 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.302557945 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.302670002 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.302675009 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.306173086 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.306396008 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.306401968 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.309571028 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.309647083 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.309652090 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.312988997 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.313074112 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.313079119 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.316523075 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.316682100 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.316685915 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.320008039 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.320065022 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.320069075 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.323596954 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.323964119 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.323968887 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.327006102 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.327063084 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.327068090 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.330512047 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.330600977 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.330605984 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.333693027 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.333897114 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.333901882 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.337058067 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.337194920 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.337199926 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.339972019 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.340040922 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.340048075 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.340054035 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.340760946 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.343110085 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.346247911 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.346492052 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.346498013 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.346698046 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.346750975 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.347105026 CEST49727443192.168.2.5142.250.185.97
                                                                          Sep 6, 2024 12:32:10.347117901 CEST44349727142.250.185.97192.168.2.5
                                                                          Sep 6, 2024 12:32:10.396476030 CEST44349734162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.396804094 CEST49734443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.396815062 CEST44349734162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.409761906 CEST44349734162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.409887075 CEST49734443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.411334038 CEST49734443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.411439896 CEST44349734162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.412024975 CEST49734443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.412034035 CEST44349734162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.445039034 CEST44349736172.64.41.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.445429087 CEST49736443192.168.2.5172.64.41.3
                                                                          Sep 6, 2024 12:32:10.445440054 CEST44349736172.64.41.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.446490049 CEST44349736172.64.41.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.446584940 CEST49736443192.168.2.5172.64.41.3
                                                                          Sep 6, 2024 12:32:10.448409081 CEST49736443192.168.2.5172.64.41.3
                                                                          Sep 6, 2024 12:32:10.448472977 CEST44349736172.64.41.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.448945045 CEST49736443192.168.2.5172.64.41.3
                                                                          Sep 6, 2024 12:32:10.448952913 CEST44349736172.64.41.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.449184895 CEST44349735162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.449575901 CEST49735443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.449594975 CEST44349735162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.450602055 CEST44349735162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.450683117 CEST49735443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.452187061 CEST49735443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.452265024 CEST44349735162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.452440977 CEST49735443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.452449083 CEST44349735162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.462007999 CEST49734443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.512132883 CEST44349734162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.512203932 CEST44349734162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.512352943 CEST49734443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.512501955 CEST49734443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.512516975 CEST44349734162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.538297892 CEST49735443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.557996035 CEST44349736172.64.41.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.558090925 CEST49736443192.168.2.5172.64.41.3
                                                                          Sep 6, 2024 12:32:10.558593035 CEST49736443192.168.2.5172.64.41.3
                                                                          Sep 6, 2024 12:32:10.558603048 CEST44349736172.64.41.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.590531111 CEST44349735162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.590609074 CEST44349735162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.590846062 CEST49735443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.591000080 CEST49735443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.591010094 CEST44349735162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.686372995 CEST49737443192.168.2.5184.28.90.27
                                                                          Sep 6, 2024 12:32:10.686418056 CEST44349737184.28.90.27192.168.2.5
                                                                          Sep 6, 2024 12:32:10.687112093 CEST49737443192.168.2.5184.28.90.27
                                                                          Sep 6, 2024 12:32:10.688616991 CEST49737443192.168.2.5184.28.90.27
                                                                          Sep 6, 2024 12:32:10.688632011 CEST44349737184.28.90.27192.168.2.5
                                                                          Sep 6, 2024 12:32:10.993346930 CEST49738443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.993377924 CEST44349738162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.993966103 CEST49739443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.994008064 CEST44349739162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.994040966 CEST49738443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.994066000 CEST49739443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.994564056 CEST49738443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.994576931 CEST44349738162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:10.994831085 CEST49739443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:10.994848013 CEST44349739162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:11.143903017 CEST49738443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:11.143975019 CEST49739443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:11.184500933 CEST44349738162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:11.188499928 CEST44349739162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:11.263184071 CEST49740443192.168.2.5142.250.72.110
                                                                          Sep 6, 2024 12:32:11.263243914 CEST44349740142.250.72.110192.168.2.5
                                                                          Sep 6, 2024 12:32:11.263423920 CEST49740443192.168.2.5142.250.72.110
                                                                          Sep 6, 2024 12:32:11.264297962 CEST49740443192.168.2.5142.250.72.110
                                                                          Sep 6, 2024 12:32:11.264312029 CEST44349740142.250.72.110192.168.2.5
                                                                          Sep 6, 2024 12:32:11.283407927 CEST49741443192.168.2.5152.195.19.97
                                                                          Sep 6, 2024 12:32:11.283447027 CEST44349741152.195.19.97192.168.2.5
                                                                          Sep 6, 2024 12:32:11.283529043 CEST49741443192.168.2.5152.195.19.97
                                                                          Sep 6, 2024 12:32:11.284346104 CEST49741443192.168.2.5152.195.19.97
                                                                          Sep 6, 2024 12:32:11.284362078 CEST44349741152.195.19.97192.168.2.5
                                                                          Sep 6, 2024 12:32:11.290818930 CEST49742443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:11.290879965 CEST4434974213.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:11.290951967 CEST49742443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:11.291052103 CEST49743443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:11.291071892 CEST4434974313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:11.291172981 CEST49743443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:11.292258024 CEST49743443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:11.292269945 CEST4434974313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:11.292380095 CEST49742443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:11.292402029 CEST4434974213.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.453126907 CEST4434974313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.453493118 CEST4434974313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.453500986 CEST4434974313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.453771114 CEST49743443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.453783989 CEST4434974313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.453804970 CEST49743443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.454161882 CEST4434974313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.454184055 CEST4434974313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.454226971 CEST4434974313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.454262972 CEST4434974313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.454302073 CEST4434974313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.454385042 CEST49743443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.463968992 CEST44349744142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:12.464715004 CEST49743443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.464780092 CEST49743443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.465207100 CEST49744443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:12.465501070 CEST49744443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:12.465519905 CEST44349744142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:12.466552973 CEST49743443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.466563940 CEST4434974313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.589040041 CEST49748443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.589083910 CEST4434974813.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.595875978 CEST49748443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.596193075 CEST49748443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.596204996 CEST4434974813.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.700309992 CEST49749443192.168.2.5142.251.41.4
                                                                          Sep 6, 2024 12:32:12.700349092 CEST44349749142.251.41.4192.168.2.5
                                                                          Sep 6, 2024 12:32:12.703366995 CEST49749443192.168.2.5142.251.41.4
                                                                          Sep 6, 2024 12:32:12.703881025 CEST49749443192.168.2.5142.251.41.4
                                                                          Sep 6, 2024 12:32:12.703890085 CEST44349749142.251.41.4192.168.2.5
                                                                          Sep 6, 2024 12:32:12.750832081 CEST49750443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:12.750884056 CEST44349750142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:12.751055956 CEST49750443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:12.753832102 CEST49750443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:12.753845930 CEST44349750142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:12.775407076 CEST49751443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:12.775449038 CEST44349751142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:12.784187078 CEST49751443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:12.787460089 CEST49751443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:12.787483931 CEST44349751142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:12.800299883 CEST44349746184.28.90.27192.168.2.5
                                                                          Sep 6, 2024 12:32:12.803229094 CEST49746443192.168.2.5184.28.90.27
                                                                          Sep 6, 2024 12:32:12.805006027 CEST49746443192.168.2.5184.28.90.27
                                                                          Sep 6, 2024 12:32:12.805022001 CEST44349746184.28.90.27192.168.2.5
                                                                          Sep 6, 2024 12:32:12.805326939 CEST44349746184.28.90.27192.168.2.5
                                                                          Sep 6, 2024 12:32:12.816036940 CEST49746443192.168.2.5184.28.90.27
                                                                          Sep 6, 2024 12:32:12.860496998 CEST44349746184.28.90.27192.168.2.5
                                                                          Sep 6, 2024 12:32:12.865695000 CEST4434974735.190.72.216192.168.2.5
                                                                          Sep 6, 2024 12:32:12.868308067 CEST49747443192.168.2.535.190.72.216
                                                                          Sep 6, 2024 12:32:12.906918049 CEST49752443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.906944990 CEST4434975213.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.907084942 CEST49753443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.907118082 CEST4434975313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.907291889 CEST49754443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.907301903 CEST4434975413.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.908329010 CEST49755443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.908349991 CEST4434975513.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.908452988 CEST49756443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.908462048 CEST4434975613.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.909333944 CEST49752443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.909333944 CEST49755443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.909343958 CEST49753443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.909343958 CEST49754443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.909447908 CEST49756443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.909702063 CEST49755443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.909707069 CEST49756443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.909714937 CEST4434975513.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.909718037 CEST4434975613.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.909801960 CEST49754443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.909811974 CEST4434975413.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.909920931 CEST49753443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.909934044 CEST4434975313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.910068035 CEST49752443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:12.910082102 CEST4434975213.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:12.918066025 CEST49747443192.168.2.535.190.72.216
                                                                          Sep 6, 2024 12:32:12.918087959 CEST4434974735.190.72.216192.168.2.5
                                                                          Sep 6, 2024 12:32:12.918212891 CEST49747443192.168.2.535.190.72.216
                                                                          Sep 6, 2024 12:32:12.918329954 CEST4434974735.190.72.216192.168.2.5
                                                                          Sep 6, 2024 12:32:12.918875933 CEST49747443192.168.2.535.190.72.216
                                                                          Sep 6, 2024 12:32:13.029922009 CEST4975780192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:13.040868044 CEST804975734.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:13.045447111 CEST4975780192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:13.045747995 CEST4975780192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:13.050632000 CEST804975734.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:13.081517935 CEST44349746184.28.90.27192.168.2.5
                                                                          Sep 6, 2024 12:32:13.081604004 CEST44349746184.28.90.27192.168.2.5
                                                                          Sep 6, 2024 12:32:13.084960938 CEST49746443192.168.2.5184.28.90.27
                                                                          Sep 6, 2024 12:32:13.156394958 CEST49746443192.168.2.5184.28.90.27
                                                                          Sep 6, 2024 12:32:13.156439066 CEST44349746184.28.90.27192.168.2.5
                                                                          Sep 6, 2024 12:32:13.156472921 CEST49746443192.168.2.5184.28.90.27
                                                                          Sep 6, 2024 12:32:13.156491041 CEST44349746184.28.90.27192.168.2.5
                                                                          Sep 6, 2024 12:32:13.168793917 CEST44349749142.251.41.4192.168.2.5
                                                                          Sep 6, 2024 12:32:13.182076931 CEST49749443192.168.2.5142.251.41.4
                                                                          Sep 6, 2024 12:32:13.182091951 CEST44349749142.251.41.4192.168.2.5
                                                                          Sep 6, 2024 12:32:13.183244944 CEST44349749142.251.41.4192.168.2.5
                                                                          Sep 6, 2024 12:32:13.188019037 CEST49749443192.168.2.5142.251.41.4
                                                                          Sep 6, 2024 12:32:13.198174000 CEST49749443192.168.2.5142.251.41.4
                                                                          Sep 6, 2024 12:32:13.198342085 CEST44349749142.251.41.4192.168.2.5
                                                                          Sep 6, 2024 12:32:13.198584080 CEST49749443192.168.2.5142.251.41.4
                                                                          Sep 6, 2024 12:32:13.213725090 CEST44349750142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:13.215609074 CEST49750443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:13.215636969 CEST44349750142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:13.216025114 CEST44349750142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:13.216784000 CEST44349750142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:13.217283964 CEST49750443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:13.217292070 CEST44349750142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:13.219424963 CEST49750443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:13.219496012 CEST44349750142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:13.236932039 CEST4434974813.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.238907099 CEST49748443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.238929033 CEST4434974813.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.239317894 CEST4434974813.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.239794970 CEST49748443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.239861012 CEST4434974813.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.240497112 CEST44349749142.251.41.4192.168.2.5
                                                                          Sep 6, 2024 12:32:13.243844032 CEST49748443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.264076948 CEST44349751142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:13.271153927 CEST49751443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:13.271186113 CEST44349751142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:13.271781921 CEST44349751142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:13.271797895 CEST44349751142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:13.272533894 CEST44349751142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:13.272767067 CEST49751443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:13.272778988 CEST44349751142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:13.277941942 CEST49751443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:13.278052092 CEST44349751142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:13.288497925 CEST4434974813.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.292915106 CEST44349749142.251.41.4192.168.2.5
                                                                          Sep 6, 2024 12:32:13.292960882 CEST44349749142.251.41.4192.168.2.5
                                                                          Sep 6, 2024 12:32:13.292993069 CEST49749443192.168.2.5142.251.41.4
                                                                          Sep 6, 2024 12:32:13.292996883 CEST44349749142.251.41.4192.168.2.5
                                                                          Sep 6, 2024 12:32:13.293014050 CEST44349749142.251.41.4192.168.2.5
                                                                          Sep 6, 2024 12:32:13.293045998 CEST49749443192.168.2.5142.251.41.4
                                                                          Sep 6, 2024 12:32:13.293127060 CEST44349749142.251.41.4192.168.2.5
                                                                          Sep 6, 2024 12:32:13.297472954 CEST49749443192.168.2.5142.251.41.4
                                                                          Sep 6, 2024 12:32:13.299664021 CEST49749443192.168.2.5142.251.41.4
                                                                          Sep 6, 2024 12:32:13.299681902 CEST44349749142.251.41.4192.168.2.5
                                                                          Sep 6, 2024 12:32:13.354103088 CEST4434974813.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.354844093 CEST4434974813.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.357013941 CEST49748443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.374068022 CEST49750443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:13.374090910 CEST44349750142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:13.388125896 CEST49748443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.388145924 CEST4434974813.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.388449907 CEST49758443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.388473988 CEST4434975813.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.388957024 CEST49758443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.389189959 CEST49758443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.389199972 CEST4434975813.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.432771921 CEST49751443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:13.432792902 CEST44349751142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:13.512749910 CEST804975734.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:13.539304018 CEST49751443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:13.554194927 CEST4434975313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.559868097 CEST4434975613.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.560015917 CEST4434975213.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.560885906 CEST4434975513.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.563219070 CEST4434975413.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.564028978 CEST49753443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.564048052 CEST4434975313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.565165043 CEST4434975313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.570461035 CEST49750443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:13.570460081 CEST4975780192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:13.580044985 CEST49754443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.580063105 CEST4434975413.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.580152035 CEST49755443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.580174923 CEST4434975513.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.580246925 CEST49752443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.580254078 CEST4434975213.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.580347061 CEST49756443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.580354929 CEST4434975613.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.580461025 CEST49753443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.580782890 CEST4434975613.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.581393003 CEST4434975513.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.581394911 CEST4434975413.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.581518888 CEST49753443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.581526041 CEST4434975213.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.581624985 CEST4434975313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.581820965 CEST49753443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.587156057 CEST49756443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.587244034 CEST4434975613.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.587275982 CEST49756443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.587444067 CEST49754443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.587449074 CEST49755443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.587486982 CEST49752443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.587780952 CEST49752443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.587861061 CEST4434975213.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.588048935 CEST49755443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.588152885 CEST4434975513.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.588288069 CEST49754443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.588393927 CEST4434975413.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.588439941 CEST49752443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.588439941 CEST49755443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.588479042 CEST49754443192.168.2.513.107.246.40
                                                                          Sep 6, 2024 12:32:13.624504089 CEST4434975313.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:13.628504992 CEST4434975513.107.246.40192.168.2.5
                                                                          Sep 6, 2024 12:32:42.968502998 CEST4434977934.149.100.209192.168.2.5
                                                                          Sep 6, 2024 12:32:42.968636036 CEST4977880192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:42.970699072 CEST4978080192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:42.970741987 CEST49779443192.168.2.534.149.100.209
                                                                          Sep 6, 2024 12:32:42.970860958 CEST49779443192.168.2.534.149.100.209
                                                                          Sep 6, 2024 12:32:42.970909119 CEST4434977934.149.100.209192.168.2.5
                                                                          Sep 6, 2024 12:32:42.972135067 CEST49779443192.168.2.534.149.100.209
                                                                          Sep 6, 2024 12:32:42.973525047 CEST443497773.164.68.56192.168.2.5
                                                                          Sep 6, 2024 12:32:42.973661900 CEST49777443192.168.2.53.164.68.56
                                                                          Sep 6, 2024 12:32:42.975692987 CEST804978034.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:42.976672888 CEST49777443192.168.2.53.164.68.56
                                                                          Sep 6, 2024 12:32:42.976685047 CEST443497773.164.68.56192.168.2.5
                                                                          Sep 6, 2024 12:32:42.976854086 CEST4978080192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:42.977027893 CEST443497773.164.68.56192.168.2.5
                                                                          Sep 6, 2024 12:32:42.977317095 CEST4978080192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:42.979552031 CEST4977880192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:42.980182886 CEST49777443192.168.2.53.164.68.56
                                                                          Sep 6, 2024 12:32:42.980271101 CEST49777443192.168.2.53.164.68.56
                                                                          Sep 6, 2024 12:32:42.980384111 CEST443497773.164.68.56192.168.2.5
                                                                          Sep 6, 2024 12:32:42.980499983 CEST49777443192.168.2.53.164.68.56
                                                                          Sep 6, 2024 12:32:42.982126951 CEST804978034.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:42.984421015 CEST804977834.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:42.988259077 CEST49781443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:42.988293886 CEST4434978135.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:42.988352060 CEST49781443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:42.988430977 CEST49781443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:42.988439083 CEST4434978135.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:42.998928070 CEST49782443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:42.998939037 CEST4434978235.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:42.999097109 CEST49783443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:42.999138117 CEST4434978335.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:42.999160051 CEST49782443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:42.999269009 CEST49782443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:42.999281883 CEST4434978235.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:42.999381065 CEST49783443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:42.999562979 CEST49783443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:42.999577045 CEST4434978335.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:43.079535007 CEST804977834.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:43.080293894 CEST4978080192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:43.083332062 CEST4978480192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:43.088216066 CEST804978434.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:43.088293076 CEST4978480192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:43.088428974 CEST4978480192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:43.093322039 CEST804978434.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:43.121750116 CEST4977880192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:43.128051996 CEST804978034.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:43.338495016 CEST804978034.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:43.338561058 CEST4978080192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:43.461138010 CEST4434978235.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:43.461330891 CEST49782443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:43.462202072 CEST4434978135.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:43.464016914 CEST49782443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:43.464024067 CEST4434978235.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:43.464268923 CEST4434978235.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:43.464327097 CEST49781443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:43.466511011 CEST49781443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:43.466514111 CEST4434978135.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:43.466759920 CEST4434978135.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:43.470101118 CEST49782443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:43.470110893 CEST49781443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:43.470236063 CEST49781443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:43.470279932 CEST4434978135.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:43.470289946 CEST49782443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:43.470488071 CEST49781443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:43.470572948 CEST4434978235.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:43.472174883 CEST49782443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:43.474860907 CEST4977880192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:43.479696035 CEST804977834.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:43.483290911 CEST4434978335.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:43.483356953 CEST49783443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:43.485960960 CEST49783443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:43.485970020 CEST4434978335.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:43.486202002 CEST4434978335.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:43.489377022 CEST49783443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:43.489454031 CEST49783443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:43.489514112 CEST4434978335.244.181.201192.168.2.5
                                                                          Sep 6, 2024 12:32:43.489566088 CEST49783443192.168.2.535.244.181.201
                                                                          Sep 6, 2024 12:32:43.562448978 CEST804978434.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:43.575453997 CEST804977834.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:43.588445902 CEST4978480192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:43.593405962 CEST804978434.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:43.639576912 CEST4977880192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:43.688642979 CEST804978434.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:43.740390062 CEST4978480192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:46.492420912 CEST4995353192.168.2.5162.159.36.2
                                                                          Sep 6, 2024 12:32:46.497293949 CEST5349953162.159.36.2192.168.2.5
                                                                          Sep 6, 2024 12:32:46.497425079 CEST4995353192.168.2.5162.159.36.2
                                                                          Sep 6, 2024 12:32:46.502367973 CEST5349953162.159.36.2192.168.2.5
                                                                          Sep 6, 2024 12:32:46.962352037 CEST4995353192.168.2.5162.159.36.2
                                                                          Sep 6, 2024 12:32:46.967569113 CEST5349953162.159.36.2192.168.2.5
                                                                          Sep 6, 2024 12:32:46.969068050 CEST4995353192.168.2.5162.159.36.2
                                                                          Sep 6, 2024 12:32:47.099031925 CEST49955443192.168.2.513.85.23.86
                                                                          Sep 6, 2024 12:32:47.099067926 CEST4434995513.85.23.86192.168.2.5
                                                                          Sep 6, 2024 12:32:47.099230051 CEST49955443192.168.2.513.85.23.86
                                                                          Sep 6, 2024 12:32:47.099586010 CEST49955443192.168.2.513.85.23.86
                                                                          Sep 6, 2024 12:32:47.099601030 CEST4434995513.85.23.86192.168.2.5
                                                                          Sep 6, 2024 12:32:47.761244059 CEST4434995513.85.23.86192.168.2.5
                                                                          Sep 6, 2024 12:32:47.769257069 CEST49955443192.168.2.513.85.23.86
                                                                          Sep 6, 2024 12:32:47.773207903 CEST49955443192.168.2.513.85.23.86
                                                                          Sep 6, 2024 12:32:47.773221970 CEST4434995513.85.23.86192.168.2.5
                                                                          Sep 6, 2024 12:32:47.773514986 CEST4434995513.85.23.86192.168.2.5
                                                                          Sep 6, 2024 12:32:47.782407999 CEST49955443192.168.2.513.85.23.86
                                                                          Sep 6, 2024 12:32:47.828501940 CEST4434995513.85.23.86192.168.2.5
                                                                          Sep 6, 2024 12:32:48.017330885 CEST4434995513.85.23.86192.168.2.5
                                                                          Sep 6, 2024 12:32:48.017358065 CEST4434995513.85.23.86192.168.2.5
                                                                          Sep 6, 2024 12:32:48.017371893 CEST4434995513.85.23.86192.168.2.5
                                                                          Sep 6, 2024 12:32:48.017457962 CEST49955443192.168.2.513.85.23.86
                                                                          Sep 6, 2024 12:32:48.017471075 CEST4434995513.85.23.86192.168.2.5
                                                                          Sep 6, 2024 12:32:48.017514944 CEST49955443192.168.2.513.85.23.86
                                                                          Sep 6, 2024 12:32:48.018784046 CEST4434995513.85.23.86192.168.2.5
                                                                          Sep 6, 2024 12:32:48.018822908 CEST4434995513.85.23.86192.168.2.5
                                                                          Sep 6, 2024 12:32:48.018949032 CEST4434995513.85.23.86192.168.2.5
                                                                          Sep 6, 2024 12:32:48.019745111 CEST49955443192.168.2.513.85.23.86
                                                                          Sep 6, 2024 12:32:48.019781113 CEST49955443192.168.2.513.85.23.86
                                                                          Sep 6, 2024 12:32:48.021728992 CEST49955443192.168.2.513.85.23.86
                                                                          Sep 6, 2024 12:32:48.021744967 CEST4434995513.85.23.86192.168.2.5
                                                                          Sep 6, 2024 12:32:48.021756887 CEST49955443192.168.2.513.85.23.86
                                                                          Sep 6, 2024 12:32:48.021764040 CEST4434995513.85.23.86192.168.2.5
                                                                          Sep 6, 2024 12:32:53.594019890 CEST4977880192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:53.598839045 CEST804977834.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:53.700545073 CEST4978480192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:32:53.705384970 CEST804978434.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:32:58.380662918 CEST49750443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:58.380707026 CEST44349750142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:58.434024096 CEST49751443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:58.434078932 CEST44349751142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:33:03.618058920 CEST4977880192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:33:03.622992992 CEST804977834.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:33:03.718424082 CEST4978480192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:33:03.723290920 CEST804978434.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:33:04.539721012 CEST49762443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:04.539760113 CEST49763443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:04.539778948 CEST44349762162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:33:04.539793015 CEST44349763162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:33:06.631135941 CEST49957443192.168.2.523.55.235.170
                                                                          Sep 6, 2024 12:33:06.631195068 CEST4434995723.55.235.170192.168.2.5
                                                                          Sep 6, 2024 12:33:06.631294012 CEST49957443192.168.2.523.55.235.170
                                                                          Sep 6, 2024 12:33:06.631516933 CEST49957443192.168.2.523.55.235.170
                                                                          Sep 6, 2024 12:33:06.631535053 CEST4434995723.55.235.170192.168.2.5
                                                                          Sep 6, 2024 12:33:07.104012012 CEST4434995723.55.235.170192.168.2.5
                                                                          Sep 6, 2024 12:33:07.104479074 CEST49957443192.168.2.523.55.235.170
                                                                          Sep 6, 2024 12:33:07.104516983 CEST4434995723.55.235.170192.168.2.5
                                                                          Sep 6, 2024 12:33:07.104865074 CEST4434995723.55.235.170192.168.2.5
                                                                          Sep 6, 2024 12:33:07.106024027 CEST49957443192.168.2.523.55.235.170
                                                                          Sep 6, 2024 12:33:07.106106043 CEST4434995723.55.235.170192.168.2.5
                                                                          Sep 6, 2024 12:33:07.106184959 CEST49957443192.168.2.523.55.235.170
                                                                          Sep 6, 2024 12:33:07.152518034 CEST4434995723.55.235.170192.168.2.5
                                                                          Sep 6, 2024 12:33:07.157248974 CEST49957443192.168.2.523.55.235.170
                                                                          Sep 6, 2024 12:33:07.243454933 CEST4434995723.55.235.170192.168.2.5
                                                                          Sep 6, 2024 12:33:07.243519068 CEST4434995723.55.235.170192.168.2.5
                                                                          Sep 6, 2024 12:33:07.243630886 CEST49957443192.168.2.523.55.235.170
                                                                          Sep 6, 2024 12:33:07.243839979 CEST49957443192.168.2.523.55.235.170
                                                                          Sep 6, 2024 12:33:07.243859053 CEST4434995723.55.235.170192.168.2.5
                                                                          Sep 6, 2024 12:33:12.958019972 CEST49958443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:12.958059072 CEST4434995834.120.208.123192.168.2.5
                                                                          Sep 6, 2024 12:33:12.958257914 CEST49959443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:12.958283901 CEST4434995934.120.208.123192.168.2.5
                                                                          Sep 6, 2024 12:33:12.959899902 CEST49958443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:12.960005999 CEST49958443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:12.960006952 CEST49959443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:12.960021019 CEST4434995834.120.208.123192.168.2.5
                                                                          Sep 6, 2024 12:33:12.960146904 CEST49959443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:12.960160017 CEST4434995934.120.208.123192.168.2.5
                                                                          Sep 6, 2024 12:33:13.520939112 CEST4434995934.120.208.123192.168.2.5
                                                                          Sep 6, 2024 12:33:13.521015882 CEST49959443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:13.522212982 CEST4434995834.120.208.123192.168.2.5
                                                                          Sep 6, 2024 12:33:13.523827076 CEST49958443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:13.524595976 CEST49959443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:13.524605036 CEST4434995934.120.208.123192.168.2.5
                                                                          Sep 6, 2024 12:33:13.524810076 CEST4434995934.120.208.123192.168.2.5
                                                                          Sep 6, 2024 12:33:13.527199030 CEST49958443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:13.527205944 CEST4434995834.120.208.123192.168.2.5
                                                                          Sep 6, 2024 12:33:13.527487040 CEST4434995834.120.208.123192.168.2.5
                                                                          Sep 6, 2024 12:33:13.531013966 CEST49959443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:13.531125069 CEST49959443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:13.531146049 CEST4434995934.120.208.123192.168.2.5
                                                                          Sep 6, 2024 12:33:13.531218052 CEST49958443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:13.531291962 CEST49958443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:13.531403065 CEST4434995834.120.208.123192.168.2.5
                                                                          Sep 6, 2024 12:33:13.531950951 CEST49959443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:13.531966925 CEST49958443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:13.624123096 CEST4977880192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:33:13.730895042 CEST4978480192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:33:13.854607105 CEST804977834.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:33:13.855184078 CEST804978434.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:33:14.093003035 CEST4977880192.168.2.534.107.221.82
                                                                          Sep 6, 2024 12:33:14.098068953 CEST804977834.107.221.82192.168.2.5
                                                                          Sep 6, 2024 12:33:14.102267981 CEST49960443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:14.102292061 CEST4434996034.120.208.123192.168.2.5
                                                                          Sep 6, 2024 12:33:14.102521896 CEST49960443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:14.102612019 CEST49960443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:14.102618933 CEST4434996034.120.208.123192.168.2.5
                                                                          Sep 6, 2024 12:33:14.124172926 CEST49961443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:14.124193907 CEST4434996134.120.208.123192.168.2.5
                                                                          Sep 6, 2024 12:33:14.124605894 CEST49961443192.168.2.534.120.208.123
                                                                          Sep 6, 2024 12:33:14.124758005 CEST49961443192.168.2.534.120.208.123
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                          Sep 6, 2024 12:32:13.617252111 CEST44359828162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:13.628880978 CEST59828443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:13.683190107 CEST51423443192.168.2.564.233.180.84
                                                                          Sep 6, 2024 12:32:13.808624983 CEST4435142364.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:32:13.835598946 CEST4435142364.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:32:13.835671902 CEST4435142364.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:32:13.836827993 CEST51423443192.168.2.564.233.180.84
                                                                          Sep 6, 2024 12:32:13.875319004 CEST51423443192.168.2.564.233.180.84
                                                                          Sep 6, 2024 12:32:13.961877108 CEST4435142364.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:32:14.002522945 CEST64205443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:14.306098938 CEST64205443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:14.583053112 CEST44364205162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:14.583071947 CEST44364205162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:14.583168983 CEST44364205162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:14.583180904 CEST44364205162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:14.583192110 CEST44364205162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:14.584242105 CEST64205443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:14.586878061 CEST64205443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:14.586982965 CEST64205443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:14.587265968 CEST64205443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:14.590852976 CEST64205443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:14.642227888 CEST4995053192.168.2.51.1.1.1
                                                                          Sep 6, 2024 12:32:14.648977041 CEST5397953192.168.2.51.1.1.1
                                                                          Sep 6, 2024 12:32:14.649117947 CEST53499501.1.1.1192.168.2.5
                                                                          Sep 6, 2024 12:32:14.650685072 CEST6006253192.168.2.51.1.1.1
                                                                          Sep 6, 2024 12:32:14.655597925 CEST53539791.1.1.1192.168.2.5
                                                                          Sep 6, 2024 12:32:14.680753946 CEST44364205162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:14.680908918 CEST44364205162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:14.681272984 CEST64205443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:14.681642056 CEST44364205162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:14.681885004 CEST44364205162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:14.682030916 CEST64205443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:14.682348013 CEST44364205162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:14.685267925 CEST44364205162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:14.686058044 CEST44364205162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:14.696000099 CEST64205443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:14.776102066 CEST44364205162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:32:14.803620100 CEST64205443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:32:20.687498093 CEST58738443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:20.687536001 CEST58738443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:20.781481981 CEST44358738142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:20.819513083 CEST58738443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:20.829786062 CEST44358738142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:20.830070019 CEST58738443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:20.832150936 CEST44358738142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:20.871335030 CEST58738443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:20.948668003 CEST44358738142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:41.468693972 CEST58738443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:41.576419115 CEST44358738142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:41.576448917 CEST44358738142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:41.577020884 CEST58738443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:41.616230011 CEST58738443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:41.695559978 CEST44358738142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:41.768568993 CEST6516153192.168.2.51.1.1.1
                                                                          Sep 6, 2024 12:32:41.768877029 CEST5292853192.168.2.51.1.1.1
                                                                          Sep 6, 2024 12:32:41.775522947 CEST53651611.1.1.1192.168.2.5
                                                                          Sep 6, 2024 12:32:41.776428938 CEST5483653192.168.2.51.1.1.1
                                                                          Sep 6, 2024 12:32:41.776462078 CEST53529281.1.1.1192.168.2.5
                                                                          Sep 6, 2024 12:32:41.777090073 CEST5814153192.168.2.51.1.1.1
                                                                          Sep 6, 2024 12:32:41.783173084 CEST53548361.1.1.1192.168.2.5
                                                                          Sep 6, 2024 12:32:41.783685923 CEST5132653192.168.2.51.1.1.1
                                                                          Sep 6, 2024 12:32:41.784109116 CEST53581411.1.1.1192.168.2.5
                                                                          Sep 6, 2024 12:32:41.790460110 CEST53513261.1.1.1192.168.2.5
                                                                          Sep 6, 2024 12:32:42.104290962 CEST6237753192.168.2.51.1.1.1
                                                                          Sep 6, 2024 12:32:42.112294912 CEST53623771.1.1.1192.168.2.5
                                                                          Sep 6, 2024 12:32:42.113523960 CEST5693953192.168.2.51.1.1.1
                                                                          Sep 6, 2024 12:32:42.120985031 CEST53569391.1.1.1192.168.2.5
                                                                          Sep 6, 2024 12:32:42.121468067 CEST5026253192.168.2.51.1.1.1
                                                                          Sep 6, 2024 12:32:42.128401041 CEST53502621.1.1.1192.168.2.5
                                                                          Sep 6, 2024 12:32:42.335834026 CEST58738443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:42.435276031 CEST58738443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:42.443372965 CEST44358738142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:42.443578959 CEST44358738142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:42.446767092 CEST58738443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:42.478099108 CEST58738443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:42.540124893 CEST44358738142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:42.543210030 CEST44358738142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:42.543361902 CEST44358738142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:42.548868895 CEST58738443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:42.584676027 CEST58738443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:42.767059088 CEST58738443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:42.961699009 CEST44358738142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:42.961780071 CEST44358738142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:42.964381933 CEST58738443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:42.971273899 CEST44358738142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:42.975033045 CEST58738443192.168.2.5142.250.80.46
                                                                          Sep 6, 2024 12:32:43.053035975 CEST44358738142.250.80.46192.168.2.5
                                                                          Sep 6, 2024 12:32:46.491728067 CEST5350102162.159.36.2192.168.2.5
                                                                          Sep 6, 2024 12:32:47.043210983 CEST53500601.1.1.1192.168.2.5
                                                                          Sep 6, 2024 12:33:05.872097969 CEST57745443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:05.872217894 CEST57745443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:05.872412920 CEST57745443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:05.872507095 CEST57745443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:06.330070972 CEST44357745162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:33:06.330861092 CEST57745443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:06.363650084 CEST57745443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:06.428469896 CEST44357745162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:33:06.428488970 CEST44357745162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:33:06.428499937 CEST44357745162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:33:06.428510904 CEST44357745162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:33:06.429169893 CEST57745443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:06.429236889 CEST57745443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:06.530376911 CEST44357745162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:33:06.530855894 CEST57745443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:06.629549980 CEST44357745162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:33:06.630110025 CEST44357745162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:33:06.630310059 CEST44357745162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:33:06.630680084 CEST57745443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:08.932470083 CEST57745443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:08.932579994 CEST57745443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:09.031982899 CEST44357745162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:33:09.033673048 CEST44357745162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:33:09.033829927 CEST44357745162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:33:09.034312963 CEST57745443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:09.035486937 CEST50019443192.168.2.523.44.201.31
                                                                          Sep 6, 2024 12:33:09.491878033 CEST4435001923.44.201.31192.168.2.5
                                                                          Sep 6, 2024 12:33:09.491987944 CEST4435001923.44.201.31192.168.2.5
                                                                          Sep 6, 2024 12:33:09.494208097 CEST50019443192.168.2.523.44.201.31
                                                                          Sep 6, 2024 12:33:09.494333029 CEST50019443192.168.2.523.44.201.31
                                                                          Sep 6, 2024 12:33:09.592828035 CEST4435001923.44.201.31192.168.2.5
                                                                          Sep 6, 2024 12:33:09.592866898 CEST4435001923.44.201.31192.168.2.5
                                                                          Sep 6, 2024 12:33:09.592870951 CEST4435001923.44.201.31192.168.2.5
                                                                          Sep 6, 2024 12:33:09.595285892 CEST50019443192.168.2.523.44.201.31
                                                                          Sep 6, 2024 12:33:09.633522987 CEST50019443192.168.2.523.44.201.31
                                                                          Sep 6, 2024 12:33:09.693497896 CEST4435001923.44.201.31192.168.2.5
                                                                          Sep 6, 2024 12:33:10.685749054 CEST64888443192.168.2.564.233.180.84
                                                                          Sep 6, 2024 12:33:10.685906887 CEST64888443192.168.2.564.233.180.84
                                                                          Sep 6, 2024 12:33:10.686141968 CEST64888443192.168.2.564.233.180.84
                                                                          Sep 6, 2024 12:33:11.308756113 CEST4436488864.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:33:11.308809996 CEST4436488864.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:33:11.308824062 CEST4436488864.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:33:11.308835030 CEST4436488864.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:33:11.309349060 CEST64888443192.168.2.564.233.180.84
                                                                          Sep 6, 2024 12:33:11.309425116 CEST64888443192.168.2.564.233.180.84
                                                                          Sep 6, 2024 12:33:11.309714079 CEST4436488864.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:33:11.309854031 CEST64888443192.168.2.564.233.180.84
                                                                          Sep 6, 2024 12:33:11.346246958 CEST4436488864.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:33:11.346287966 CEST4436488864.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:33:11.346297026 CEST4436488864.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:33:11.346685886 CEST64888443192.168.2.564.233.180.84
                                                                          Sep 6, 2024 12:33:11.385974884 CEST64888443192.168.2.564.233.180.84
                                                                          Sep 6, 2024 12:33:11.410837889 CEST4436488864.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:33:11.448621988 CEST4436488864.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:33:11.448992968 CEST64888443192.168.2.564.233.180.84
                                                                          Sep 6, 2024 12:33:12.482645988 CEST57745443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:12.482762098 CEST57745443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:12.583091974 CEST44357745162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:33:12.583695889 CEST44357745162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:33:12.583707094 CEST44357745162.159.61.3192.168.2.5
                                                                          Sep 6, 2024 12:33:12.586348057 CEST57745443192.168.2.5162.159.61.3
                                                                          Sep 6, 2024 12:33:12.958761930 CEST5364053192.168.2.51.1.1.1
                                                                          Sep 6, 2024 12:33:12.965915918 CEST53536401.1.1.1192.168.2.5
                                                                          Sep 6, 2024 12:33:12.975961924 CEST4994653192.168.2.51.1.1.1
                                                                          Sep 6, 2024 12:33:12.983731031 CEST53499461.1.1.1192.168.2.5
                                                                          Sep 6, 2024 12:33:13.698540926 CEST64888443192.168.2.564.233.180.84
                                                                          Sep 6, 2024 12:33:13.977788925 CEST4436488864.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:33:14.017047882 CEST64888443192.168.2.564.233.180.84
                                                                          Sep 6, 2024 12:33:14.036647081 CEST4436488864.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:33:14.037214994 CEST4436488864.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:33:14.037270069 CEST4436488864.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:33:14.041325092 CEST64888443192.168.2.564.233.180.84
                                                                          Sep 6, 2024 12:33:14.041419029 CEST64888443192.168.2.564.233.180.84
                                                                          Sep 6, 2024 12:33:14.093631983 CEST5664653192.168.2.51.1.1.1
                                                                          Sep 6, 2024 12:33:14.167927980 CEST4436488864.233.180.84192.168.2.5
                                                                          Sep 6, 2024 12:33:29.595851898 CEST4435001923.44.201.31192.168.2.5
                                                                          Sep 6, 2024 12:33:29.635591984 CEST50019443192.168.2.523.44.201.31
                                                                          Sep 6, 2024 12:33:30.127779007 CEST4435001923.44.201.31192.168.2.5
                                                                          Sep 6, 2024 12:33:30.174911976 CEST50019443192.168.2.523.44.201.31
                                                                          Sep 6, 2024 12:33:39.603315115 CEST4435001923.44.201.31192.168.2.5
                                                                          Sep 6, 2024 12:34:08.987387896 CEST51142443192.168.2.523.44.201.31
                                                                          Sep 6, 2024 12:34:09.433049917 CEST4435114223.44.201.31192.168.2.5
                                                                          Sep 6, 2024 12:34:09.433069944 CEST4435114223.44.201.31192.168.2.5
                                                                          Sep 6, 2024 12:34:09.434010983 CEST51142443192.168.2.523.44.201.31
                                                                          Sep 6, 2024 12:34:09.531857014 CEST4435114223.44.201.31192.168.2.5
                                                                          Sep 6, 2024 12:34:09.532237053 CEST4435114223.44.201.31192.168.2.5
                                                                          Sep 6, 2024 12:34:09.532366991 CEST4435114223.44.201.31192.168.2.5
                                                                          Sep 6, 2024 12:34:09.532380104 CEST4435114223.44.201.31192.168.2.5
                                                                          Sep 6, 2024 12:34:09.532593966 CEST51142443192.168.2.523.44.201.31
                                                                          Sep 6, 2024 12:34:09.565243959 CEST51142443192.168.2.523.44.201.31
                                                                          Sep 6, 2024 12:34:09.628068924 CEST4435114223.44.201.31192.168.2.5
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Sep 6, 2024 12:32:05.859560966 CEST | 192.168.2.5 | 1.1.1.1 | 0x14f3 | Standard query (0) | bzib.nelreports.net | A (IP address) | IN (0x0001) | false |
| Sep 6, 2024 12:32:05.859798908 CEST | 192.168.2.5 | 1.1.1.1 | 0xcb2d | Standard query (0) | bzib.nelreports.net | 65 | IN (0x0001) | false |
| Sep 6, 2024 12:32:09.168021917 CEST | 192.168.2.5 | 1.1.1.1 | 0x6eef | Standard query (0) | clients2.googleusercontent.com | A (IP address) | IN (0x0001) | false |
| Sep 6, 2024 12:32:09.168279886 CEST | 192.168.2.5 | 1.1.1.1 | 0xcfc | Standard query (0) | clients2.googleusercontent.com | 65 | IN (0x0001) | false |
| Sep 6, 2024 12:32:09.880338907 CEST | 192.168.2.5 | 1.1.1.1 | 0x1511 | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Sep 6, 2024 12:32:09.880562067 CEST | 192.168.2.5 | 1.1.1.1 | 0xda1d | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Sep 6, 2024 12:32:09.930463076 CEST | 192.168.2.5 | 1.1.1.1 | 0xe02a | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Sep 6, 2024 12:32:09.930757999 CEST | 192.168.2.5 | 1.1.1.1 | 0xa465 | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Sep 6, 2024 12:32:09.978271008 CEST | 192.168.2.5 | 1.1.1.1 | 0xbb1d | Standard query (0) | chrome.cloudflare-dns.com | A (IP address) | IN (0x0001) | false |
| Sep 6, 2024 12:32:09.978410959 CEST | 192.168.2.5 | 1.1.1.1 | 0xc8ba | Standard query (0) | chrome.cloudflare-dns.com | 65 | IN (0x0001) | false |
| Sep 6, 2024 12:32:12.390404940 CEST | 192.168.2.5 | 1.1.1.1 | 0xcad7 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false |
| Sep 6, 2024 12:32:12.445413113 CEST | 192.168.2.5 | 1.1.1.1 | 0x9236 | Standard query (0) | prod.classify-client.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false |
| Sep 6, 2024 12:32:13.018387079 CEST | 192.168.2.5 | 1.1.1.1 | 0x5552 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false |
| Sep 6, 2024 12:32:13.030507088 CEST | 192.168.2.5 | 1.1.1.1 | 0x497 | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false |
| Sep 6, 2024 12:32:13.078898907 CEST | 192.168.2.5 | 1.1.1.1 | 0x73ac | Standard query (0) | prod.detectportal.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false |
| Sep 6, 2024 12:32:14.642227888 CEST | 192.168.2.5 | 1.1.1.1 | 0xd97c | Standard query (0) | example.org | A (IP address) | IN (0x0001) | false |
| Sep 6, 2024 12:32:14.648977041 CEST | 192.168.2.5 | 1.1.1.1 | 0x969d | Standard query (0) | ipv4only.arpa | A (IP address) | IN (0x0001) | false |
| Sep 6, 2024 12:32:14.650685072 CEST | 192.168.2.5 | 1.1.1.1 | 0x6785 | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false |
| Sep 6, 2024 12:32:41.768568993 CEST | 192.168.2.5 | 1.1.1.1 | 0x643b | Standard query (0) | firefox.settings.services.mozilla.com | A (IP address) | IN (0x0001) | false |
| Sep 6, 2024 12:32:41.768877029 CEST | 192.168.2.5 | 1.1.1.1 | 0xfe6d | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | A (IP address) | IN (0x0001) | false |
| Sep 6, 2024 12:32:41.776428938 CEST | 192.168.2.5 | 1.1.1.1 | 0x702f | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | A (IP address) | IN (0x0001) | false |
| Sep 6, 2024 12:32:41.777090073 CEST | 192.168.2.5 | 1.1.1.1 | 0xeb18 | Standard query (0) | prod.balrog.prod.cloudops.mozgcp.net | 28 | IN (0x0001) | false |
| Sep 6, 2024 12:32:41.783685923 CEST | 192.168.2.5 | 1.1.1.1 | 0x1584 | Standard query (0) | prod.remote-settings.prod.webservices.mozgcp.net | 28 | IN (0x0001) | false |
| Sep 6, 2024 12:32:42.104290962 CEST | 192.168.2.5 | 1.1.1.1 | 0xbd3f | Standard query (0) | services.addons.mozilla.org | A (IP address) | IN (0x0001) | false |
| Sep 6, 2024 12:32:42.113523960 CEST | 192.168.2.5 | 1.1.1.1 | 0x3984 | Standard query (0) | services.addons.mozilla.org | A (IP address) | IN (0x0001) | false |
| Sep 6, 2024 12:32:42.121468067 CEST | 192.168.2.5 | 1.1.1.1 | 0xdc26 | Standard query (0) | services.addons.mozilla.org | 28 | IN (0x0001) | false |
| Sep 6, 2024 12:33:12.958761930 CEST | 192.168.2.5 | 1.1.1.1 | 0x4664 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | A (IP address) | IN (0x0001) | false |
| Sep 6, 2024 12:33:12.975961924 CEST | 192.168.2.5 | 1.1.1.1 | 0x4d25 | Standard query (0) | telemetry-incoming.r53-2.services.mozilla.com | 28 | IN (0x0001) | false |
| Sep 6, 2024 12:33:14.093631983 CEST | 192.168.2.5 | 1.1.1.1 | 0xab6c | Standard query (0) | detectportal.firefox.com | A (IP address) | IN (0x0001) | false |
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 6, 2024 12:32:05.029747963 CEST | 1.1.1.1 | 192.168.2.5 | 0xf | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 12:32:05.029757023 CEST | 1.1.1.1 | 192.168.2.5 | 0xded4 | No error (0) | bingadsedgeextension-prod-europe.azurewebsites.net | ssl.bingadsedgeextension-prod-europe.azurewebsites.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 12:32:05.029757023 CEST | 1.1.1.1 | 192.168.2.5 | 0xded4 | No error (0) | ssl.bingadsedgeextension-prod-europe.azurewebsites.net |  | 94.245.104.56 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:05.866977930 CEST | 1.1.1.1 | 192.168.2.5 | 0x14f3 | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 12:32:05.867645979 CEST | 1.1.1.1 | 192.168.2.5 | 0xcb2d | No error (0) | bzib.nelreports.net | bzib.nelreports.net.akamaized.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 12:32:09.174988985 CEST | 1.1.1.1 | 192.168.2.5 | 0xcfc | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 12:32:09.175209999 CEST | 1.1.1.1 | 192.168.2.5 | 0x6eef | No error (0) | clients2.googleusercontent.com | googlehosted.l.googleusercontent.com |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 12:32:09.175209999 CEST | 1.1.1.1 | 192.168.2.5 | 0x6eef | No error (0) | googlehosted.l.googleusercontent.com |  | 142.250.185.97 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:09.894040108 CEST | 1.1.1.1 | 192.168.2.5 | 0xda1d | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Sep 6, 2024 12:32:09.894215107 CEST | 1.1.1.1 | 192.168.2.5 | 0x1511 | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:09.894215107 CEST | 1.1.1.1 | 192.168.2.5 | 0x1511 | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:09.937642097 CEST | 1.1.1.1 | 192.168.2.5 | 0xa465 | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Sep 6, 2024 12:32:09.937911034 CEST | 1.1.1.1 | 192.168.2.5 | 0xe02a | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:09.937911034 CEST | 1.1.1.1 | 192.168.2.5 | 0xe02a | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:09.985049009 CEST | 1.1.1.1 | 192.168.2.5 | 0xbb1d | No error (0) | chrome.cloudflare-dns.com |  | 172.64.41.3 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:09.985049009 CEST | 1.1.1.1 | 192.168.2.5 | 0xbb1d | No error (0) | chrome.cloudflare-dns.com |  | 162.159.61.3 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:09.985064983 CEST | 1.1.1.1 | 192.168.2.5 | 0xc8ba | No error (0) | chrome.cloudflare-dns.com |  |  | 65 | IN (0x0001) | false
Sep 6, 2024 12:32:10.392560959 CEST | 1.1.1.1 | 192.168.2.5 | 0xa447 | No error (0) | scdn1f005.wpc.ad629.nucdn.net | sni1gl.wpc.nucdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 12:32:10.392560959 CEST | 1.1.1.1 | 192.168.2.5 | 0xa447 | No error (0) | sni1gl.wpc.nucdn.net |  | 152.199.21.175 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:10.394077063 CEST | 1.1.1.1 | 192.168.2.5 | 0xdf27 | No error (0) | scdn1f005.wpc.ad629.nucdn.net | sni1gl.wpc.nucdn.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 12:32:12.368324041 CEST | 1.1.1.1 | 192.168.2.5 | 0xbf38 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net |  | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:12.397723913 CEST | 1.1.1.1 | 192.168.2.5 | 0xcad7 | No error (0) | prod.classify-client.prod.webservices.mozgcp.net |  | 35.190.72.216 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:13.025511980 CEST | 1.1.1.1 | 192.168.2.5 | 0x5552 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 12:32:13.025511980 CEST | 1.1.1.1 | 192.168.2.5 | 0x5552 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:13.042998075 CEST | 1.1.1.1 | 192.168.2.5 | 0x497 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:13.085855961 CEST | 1.1.1.1 | 192.168.2.5 | 0x73ac | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  |  | 28 | IN (0x0001) | false
Sep 6, 2024 12:32:14.649117947 CEST | 1.1.1.1 | 192.168.2.5 | 0xd97c | No error (0) | example.org |  | 93.184.215.14 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:14.655597925 CEST | 1.1.1.1 | 192.168.2.5 | 0x969d | No error (0) | ipv4only.arpa |  | 192.0.0.171 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:14.655597925 CEST | 1.1.1.1 | 192.168.2.5 | 0x969d | No error (0) | ipv4only.arpa |  | 192.0.0.170 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:14.657879114 CEST | 1.1.1.1 | 192.168.2.5 | 0x6785 | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 12:32:14.657879114 CEST | 1.1.1.1 | 192.168.2.5 | 0x6785 | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:41.767244101 CEST | 1.1.1.1 | 192.168.2.5 | 0x9814 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 12:32:41.767244101 CEST | 1.1.1.1 | 192.168.2.5 | 0x9814 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net |  | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:41.775522947 CEST | 1.1.1.1 | 192.168.2.5 | 0x643b | No error (0) | firefox.settings.services.mozilla.com | prod.remote-settings.prod.webservices.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 12:32:41.775522947 CEST | 1.1.1.1 | 192.168.2.5 | 0x643b | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net |  | 34.149.100.209 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:41.776462078 CEST | 1.1.1.1 | 192.168.2.5 | 0xfe6d | No error (0) | prod.balrog.prod.cloudops.mozgcp.net |  | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:41.783173084 CEST | 1.1.1.1 | 192.168.2.5 | 0x702f | No error (0) | prod.remote-settings.prod.webservices.mozgcp.net |  | 34.149.100.209 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:42.112294912 CEST | 1.1.1.1 | 192.168.2.5 | 0xbd3f | No error (0) | services.addons.mozilla.org |  | 3.164.68.56 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:42.112294912 CEST | 1.1.1.1 | 192.168.2.5 | 0xbd3f | No error (0) | services.addons.mozilla.org |  | 3.164.68.65 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:42.112294912 CEST | 1.1.1.1 | 192.168.2.5 | 0xbd3f | No error (0) | services.addons.mozilla.org |  | 3.164.68.116 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:42.112294912 CEST | 1.1.1.1 | 192.168.2.5 | 0xbd3f | No error (0) | services.addons.mozilla.org |  | 3.164.68.122 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:42.120985031 CEST | 1.1.1.1 | 192.168.2.5 | 0x3984 | No error (0) | services.addons.mozilla.org |  | 18.65.39.85 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:42.120985031 CEST | 1.1.1.1 | 192.168.2.5 | 0x3984 | No error (0) | services.addons.mozilla.org |  | 18.65.39.112 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:42.120985031 CEST | 1.1.1.1 | 192.168.2.5 | 0x3984 | No error (0) | services.addons.mozilla.org |  | 18.65.39.31 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:42.120985031 CEST | 1.1.1.1 | 192.168.2.5 | 0x3984 | No error (0) | services.addons.mozilla.org |  | 18.65.39.4 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:42.997761011 CEST | 1.1.1.1 | 192.168.2.5 | 0x4171 | No error (0) | balrog-aus5.r53-2.services.mozilla.com | prod.balrog.prod.cloudops.mozgcp.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 12:32:42.997761011 CEST | 1.1.1.1 | 192.168.2.5 | 0x4171 | No error (0) | prod.balrog.prod.cloudops.mozgcp.net |  | 35.244.181.201 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:32:43.487073898 CEST | 1.1.1.1 | 192.168.2.5 | 0x85c1 | No error (0) | a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com | a17.rackcdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 12:32:43.487073898 CEST | 1.1.1.1 | 192.168.2.5 | 0x85c1 | No error (0) | a17.rackcdn.com | a17.rackcdn.com.mdc.edgesuite.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 12:33:12.902115107 CEST | 1.1.1.1 | 192.168.2.5 | 0xf56e | No error (0) | telemetry-incoming.r53-2.services.mozilla.com |  | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:33:12.965915918 CEST | 1.1.1.1 | 192.168.2.5 | 0x4664 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com |  | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:33:14.100466013 CEST | 1.1.1.1 | 192.168.2.5 | 0xab6c | No error (0) | detectportal.firefox.com | detectportal.prod.mozaws.net |  | CNAME (Canonical name) | IN (0x0001) | false
Sep 6, 2024 12:33:14.100466013 CEST | 1.1.1.1 | 192.168.2.5 | 0xab6c | No error (0) | prod.detectportal.prod.cloudops.mozgcp.net |  | 34.107.221.82 | A (IP address) | IN (0x0001) | false
Sep 6, 2024 12:33:14.100975037 CEST | 1.1.1.1 | 192.168.2.5 | 0x2571 | No error (0) | telemetry-incoming.r53-2.services.mozilla.com |  | 34.120.208.123 | A (IP address) | IN (0x0001) | false
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49757 | 34.107.221.82 | 80 | 2820 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 6, 2024 12:32:13.045747995 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
Sep 6, 2024 12:32:13.512749910 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                          Age: 30293
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 12:32:23.523746014 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
Sep 6, 2024 12:32:33.541994095 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49765 | 34.107.221.82 | 80 | 2820 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 6, 2024 12:32:14.673254967 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
Sep 6, 2024 12:32:15.121787071 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Fri, 06 Sep 2024 05:20:23 GMT
                                                                          Age: 18712
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
Sep 6, 2024 12:32:25.129682064 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
Sep 6, 2024 12:32:35.145019054 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49778 | 34.107.221.82 | 80 | 2820 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 6, 2024 12:32:42.255475044 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
Sep 6, 2024 12:32:42.961855888 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Thu, 05 Sep 2024 12:11:44 GMT
                                                                          Age: 80458
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 12:32:42.966480970 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Thu, 05 Sep 2024 12:11:44 GMT
                                                                          Age: 80458
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 12:32:42.979552031 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
Sep 6, 2024 12:32:43.079535007 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Thu, 05 Sep 2024 12:11:44 GMT
                                                                          Age: 80459
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 12:32:43.474860907 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
Sep 6, 2024 12:32:43.575453997 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Thu, 05 Sep 2024 12:11:44 GMT
                                                                          Age: 80459
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 12:32:53.594019890 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
Sep 6, 2024 12:33:03.618058920 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
Sep 6, 2024 12:33:13.624123096 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:
Sep 6, 2024 12:33:14.093003035 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
Sep 6, 2024 12:33:14.193064928 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Thu, 05 Sep 2024 12:11:44 GMT
                                                                          Age: 80490
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 12:33:14.651515961 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Connection: keep-alive
Sep 6, 2024 12:33:14.751368046 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 90
                                                                          Via: 1.1 google
                                                                          Date: Thu, 05 Sep 2024 12:11:44 GMT
                                                                          Age: 80490
                                                                          Content-Type: text/html
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                          Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Sep 6, 2024 12:33:24.755477905 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 12:33:34.785893917 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 12:33:44.814898968 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 12:33:54.840039968 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 12:34:05.324676991 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49780 | 34.107.221.82 | 80 | 2820 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 6, 2024 12:32:42.977317095 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49784 | 34.107.221.82 | 80 | 2820 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Sep 6, 2024 12:32:43.088428974 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
Sep 6, 2024 12:32:43.562448978 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Fri, 06 Sep 2024 05:20:23 GMT
                                                                          Age: 18740
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
Sep 6, 2024 12:32:43.588445902 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
Sep 6, 2024 12:32:43.688642979 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Fri, 06 Sep 2024 05:20:23 GMT
                                                                          Age: 18740
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
Sep 6, 2024 12:32:53.700545073 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 12:33:03.718424082 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 12:33:13.730895042 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 12:33:14.493355989 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
Sep 6, 2024 12:33:14.594208002 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Fri, 06 Sep 2024 05:20:23 GMT
                                                                          Age: 18771
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
Sep 6, 2024 12:33:14.868206024 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                          Host: detectportal.firefox.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                          Accept: */*
                                                                          Accept-Language: en-US,en;q=0.5
                                                                          Accept-Encoding: gzip, deflate
                                                                          Connection: keep-alive
                                                                          Pragma: no-cache
                                                                          Cache-Control: no-cache
Sep 6, 2024 12:33:14.968662024 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                          Server: nginx
                                                                          Content-Length: 8
                                                                          Via: 1.1 google
                                                                          Date: Fri, 06 Sep 2024 05:20:23 GMT
                                                                          Age: 18771
                                                                          Content-Type: text/plain
                                                                          Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                          Data Raw: 73 75 63 63 65 73 73 0a
                                                                          Data Ascii: success
Sep 6, 2024 12:33:24.978142023 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 12:33:34.986562967 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 12:33:45.015554905 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 12:33:55.040719032 CEST | 6 | OUT | Data Raw: 00
Data Ascii:
Sep 6, 2024 12:34:05.324646950 CEST | 6 | OUT | Data Raw: 00
                                                                          Data Ascii:


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49710 | 94.245.104.56 | 443 | 7684 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-06 10:32:05 UTC | 428 | OUT | GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1
                                                                          Host: api.edgeoffer.microsoft.com
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 10:32:06 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                          Content-Length: 0
                                                                          Connection: close
                                                                          Content-Type: application/x-protobuf; charset=utf-8
                                                                          Date: Fri, 06 Sep 2024 10:32:06 GMT
                                                                          Server: Microsoft-IIS/10.0
                                                                          Set-Cookie: ARRAffinity=19020555a6ce13e7884acd0cd2d8a32f62deb6e74d19a876d58f79edefb7bfc8;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com
                                                                          Set-Cookie: ARRAffinitySameSite=19020555a6ce13e7884acd0cd2d8a32f62deb6e74d19a876d58f79edefb7bfc8;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com
                                                                          Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9
                                                                          X-Powered-By: ASP.NET


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49727 | 142.250.185.97 | 443 | 7684 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-06 10:32:09 UTC | 594 | OUT | GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                                                          Host: clients2.googleusercontent.com
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 10:32:10 UTC | 566 | IN | HTTP/1.1 200 OK
                                                                          Accept-Ranges: bytes
                                                                          Content-Length: 135751
                                                                          X-GUploader-UploadID: AD-8ljt_O5XMJoPXlP6Q8KGWegLxpoAv8Lc1GNJdQ3ftIxlOhGAnKSjCUCnfhK-XxvEt00jIhvM
                                                                          X-Goog-Hash: crc32c=IDdmTg==
                                                                          Server: UploadServer
                                                                          Date: Thu, 05 Sep 2024 19:26:09 GMT
                                                                          Expires: Fri, 05 Sep 2025 19:26:09 GMT
                                                                          Cache-Control: public, max-age=31536000
                                                                          Age: 54360
                                                                          Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                                                          ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                                                          Content-Type: application/x-chrome-extension
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          2 | 192.168.2.5 | 49734 | 162.159.61.3 | 443 | 7684 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:32:10 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                          Host: chrome.cloudflare-dns.com
                                                                          Connection: keep-alive
                                                                          Content-Length: 128
                                                                          Accept: application/dns-message
                                                                          Accept-Language: *
                                                                          User-Agent: Chrome
                                                                          Accept-Encoding: identity
                                                                          Content-Type: application/dns-message
                                                                          2024-09-06 10:32:10 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                          Data Ascii: wwwgstaticcom)TP
                                                                          2024-09-06 10:32:10 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                          Server: cloudflare
                                                                          Date: Fri, 06 Sep 2024 10:32:10 GMT
                                                                          Content-Type: application/dns-message
                                                                          Connection: close
                                                                          Access-Control-Allow-Origin: *
                                                                          Content-Length: 468
                                                                          CF-RAY: 8bedcb296c1343a9-EWR
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          2024-09-06 10:32:10 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 f5 00 04 8e fa 40 43 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                          Data Ascii: wwwgstaticcom@C)


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          3 | 192.168.2.5 | 49736 | 172.64.41.3 | 443 | 7684 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:32:10 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                          Host: chrome.cloudflare-dns.com
                                                                          Connection: keep-alive
                                                                          Content-Length: 128
                                                                          Accept: application/dns-message
                                                                          Accept-Language: *
                                                                          User-Agent: Chrome
                                                                          Accept-Encoding: identity
                                                                          Content-Type: application/dns-message
                                                                          2024-09-06 10:32:10 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                          Data Ascii: wwwgstaticcom)TP
                                                                          2024-09-06 10:32:10 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                          Server: cloudflare
                                                                          Date: Fri, 06 Sep 2024 10:32:10 GMT
                                                                          Content-Type: application/dns-message
                                                                          Connection: close
                                                                          Access-Control-Allow-Origin: *
                                                                          Content-Length: 468
                                                                          CF-RAY: 8bedcb29b899c481-EWR
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          2024-09-06 10:32:10 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 e6 00 04 8e fa 51 e3 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                          Data Ascii: wwwgstaticcomQ)


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          4 | 192.168.2.5 | 49735 | 162.159.61.3 | 443 | 7684 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:32:10 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                          Host: chrome.cloudflare-dns.com
                                                                          Connection: keep-alive
                                                                          Content-Length: 128
                                                                          Accept: application/dns-message
                                                                          Accept-Language: *
                                                                          User-Agent: Chrome
                                                                          Accept-Encoding: identity
                                                                          Content-Type: application/dns-message
                                                                          2024-09-06 10:32:10 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                          Data Ascii: wwwgstaticcom)TP
                                                                          2024-09-06 10:32:10 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                          Server: cloudflare
                                                                          Date: Fri, 06 Sep 2024 10:32:10 GMT
                                                                          Content-Type: application/dns-message
                                                                          Connection: close
                                                                          Access-Control-Allow-Origin: *
                                                                          Content-Length: 468
                                                                          CF-RAY: 8bedcb29ed961875-EWR
                                                                          alt-svc: h3=":443"; ma=86400
                                                                          2024-09-06 10:32:10 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 05 00 04 8e fa 50 23 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                          Data Ascii: wwwgstaticcomP#)


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          5 | 192.168.2.5 | 49737 | 184.28.90.27 | 443
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:32:11 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                          Connection: Keep-Alive
                                                                          Accept: */*
                                                                          Accept-Encoding: identity
                                                                          User-Agent: Microsoft BITS/7.8
                                                                          Host: fs.microsoft.com
                                                                          2024-09-06 10:32:11 UTC | 466 | IN | HTTP/1.1 200 OK
                                                                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                          Content-Type: application/octet-stream
                                                                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                          Server: ECAcc (lpl/EF06)
                                                                          X-CID: 11
                                                                          X-Ms-ApiVersion: Distribute 1.2
                                                                          X-Ms-Region: prod-weu-z1
                                                                          Cache-Control: public, max-age=22419
                                                                          Date: Fri, 06 Sep 2024 10:32:11 GMT
                                                                          Connection: close
                                                                          X-CID: 2


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          6 | 192.168.2.5 | 49740 | 142.250.72.110 | 443 | 7684 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:32:11 UTC | 1079 | OUT | GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=995099751&timestamp=1725618730266 HTTP/1.1
                                                                          Host: accounts.youtube.com
                                                                          Connection: keep-alive
                                                                          sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                                          sec-ch-ua-mobile: ?0
                                                                          sec-ch-ua-full-version: "117.0.5938.132"
                                                                          sec-ch-ua-arch: "x86"
                                                                          sec-ch-ua-platform: "Windows"
                                                                          sec-ch-ua-platform-version: "10.0.0"
                                                                          sec-ch-ua-model: ""
                                                                          sec-ch-ua-bitness: "64"
                                                                          sec-ch-ua-wow64: ?0
                                                                          sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                                                          Upgrade-Insecure-Requests: 1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                          Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                          Sec-Fetch-Site: cross-site
                                                                          Sec-Fetch-Mode: navigate
                                                                          Sec-Fetch-Dest: iframe
                                                                          Referer: https://accounts.google.com/
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-06 10:32:11 UTC | 1971 | IN | HTTP/1.1 200 OK
                                                                          Content-Type: text/html; charset=utf-8
                                                                          X-Frame-Options: ALLOW-FROM https://accounts.google.com
                                                                          Content-Security-Policy: frame-ancestors https://accounts.google.com
                                                                          Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                                                                          Content-Security-Policy: script-src 'report-sample' 'nonce-j-uO-F7leMufJh_yglDIdQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                                                                          Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist
                                                                          Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                          Pragma: no-cache
                                                                          Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                          Date: Fri, 06 Sep 2024 10:32:11 GMT
                                                                          Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                          Cross-Origin-Opener-Policy: same-origin
                                                                          Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                          Cross-Origin-Resource-Policy: cross-origin
                                                                          reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmLw1JBikPj6kkkNiJ3SZ7AGAHHSv_OsBUC8JOIi64HEi6yXuy-xXgdi1Z5LrMZALMTDsXrL621sAh-mvf3PpKSXlF8Yn5mSmleSWVKZkp-bmJmXnJ-fnZlaXJxaVJZaFG9kYGRiYGFkqmdgEV9gAAA9PS8R"
                                                                          Server: ESF
                                                                          X-XSS-Protection: 0
                                                                          X-Content-Type-Options: nosniff
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Accept-Ranges: none
                                                                          Vary: Accept-Encoding
                                                                          Connection: close
                                                                          Transfer-Encoding: chunked


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          7 | 192.168.2.5 | 49741 | 152.195.19.97 | 443 | 7684 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:32:11 UTC | 618 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726223527&P2=404&P3=2&P4=Pi3s95lI%2fu3EpbG1ZNe4TvAMJSTBKzS3ImeC0FCQ%2fzy6laI1jD%2fACF67Kv3wBH3v2jTLAeraXOfxeTZ21HxHyw%3d%3d HTTP/1.1
                                                                          Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                                          Connection: keep-alive
                                                                          MS-CV: bS7S89lTRdsEUnldXvNCAn
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-06 10:32:11 UTC | 632 | IN | HTTP/1.1 200 OK
                                                                          Accept-Ranges: bytes
                                                                          Age: 5545262
                                                                          Cache-Control: public, max-age=17280000
                                                                          Content-Type: application/x-chrome-extension
                                                                          Date: Fri, 06 Sep 2024 10:32:11 GMT
                                                                          Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                                          Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                                          MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                                          MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                                          MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                                          Server: ECAcc (nyd/D11E)
                                                                          X-AspNet-Version: 4.0.30319
                                                                          X-AspNetMvc-Version: 5.3
                                                                          X-Cache: HIT
                                                                          X-CCC: US
                                                                          X-CID: 11
                                                                          X-Powered-By: ASP.NET
                                                                          X-Powered-By: ARR/3.0
                                                                          X-Powered-By: ASP.NET
                                                                          Content-Length: 11185
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          8 | 192.168.2.5 | 49742 | 13.107.246.40 | 443 | 7684 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:32:11 UTC | 711 | OUT | GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Edge-Asset-Group: EntityExtractionDomainsConfig
                                                                          Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                                          Sec-Mesh-Client-Edge-Channel: stable
                                                                          Sec-Mesh-Client-OS: Windows
                                                                          Sec-Mesh-Client-OS-Version: 10.0.19045
                                                                          Sec-Mesh-Client-Arch: x86_64
                                                                          Sec-Mesh-Client-WebView: 0
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-06 10:32:12 UTC | 583 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 06 Sep 2024 10:32:11 GMT
                                                                          Content-Type: application/octet-stream
                                                                          Content-Length: 70207
                                                                          Connection: close
                                                                          Content-Encoding: gzip
                                                                          Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                                                                          ETag: 0x8DCB31E67C22927
                                                                          x-ms-request-id: ed2d6e16-301e-006f-0748-ffc0d3000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240906T103211Z-16579567576l4p9bs8an1npq1n0000000dhg000000007mq6
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          9 | 192.168.2.5 | 49743 | 13.107.246.40 | 443 | 7684 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:32:11 UTC | 470 | OUT | GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Edge-Asset-Group: Shoreline
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-06 10:32:12 UTC | 556 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 06 Sep 2024 10:32:11 GMT
                                                                          Content-Type: application/octet-stream
                                                                          Content-Length: 306698
                                                                          Connection: close
                                                                          Content-Encoding: gzip
                                                                          Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                                          ETag: 0x8DBC9B5C40EBFF4
                                                                          x-ms-request-id: a05cbbc2-a01e-0025-3785-fef0b4000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240906T103211Z-16579567576h266g9d6dee9ff80000000dug00000000fm1b
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          10 | 192.168.2.5 | 49745 | 142.250.80.46 | 443 | 7684 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:32:12 UTC | 561 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                          Host: play.google.com
                                                                          Connection: keep-alive
                                                                          Accept: */*
                                                                          Access-Control-Request-Method: POST
                                                                          Access-Control-Request-Headers: x-goog-authuser
                                                                          Origin: https://accounts.google.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                          Sec-Fetch-Mode: cors
                                                                          Sec-Fetch-Site: same-site
                                                                          Sec-Fetch-Dest: empty
                                                                          Referer: https://accounts.google.com/
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-06 10:32:12 UTC | 520 | IN | HTTP/1.1 200 OK
                                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                          Access-Control-Max-Age: 86400
                                                                          Access-Control-Allow-Credentials: true
                                                                          Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                          Content-Type: text/plain; charset=UTF-8
                                                                          Date: Fri, 06 Sep 2024 10:32:12 GMT
                                                                          Server: Playlog
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          11 | 192.168.2.5 | 49744 | 142.250.80.46 | 443 | 7684 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:32:12 UTC | 561 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                          Host: play.google.com
                                                                          Connection: keep-alive
                                                                          Accept: */*
                                                                          Access-Control-Request-Method: POST
                                                                          Access-Control-Request-Headers: x-goog-authuser
                                                                          Origin: https://accounts.google.com
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                          Sec-Fetch-Mode: cors
                                                                          Sec-Fetch-Site: same-site
                                                                          Sec-Fetch-Dest: empty
                                                                          Referer: https://accounts.google.com/
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-06 10:32:12 UTC | 520 | IN | HTTP/1.1 200 OK
                                                                          Access-Control-Allow-Origin: https://accounts.google.com
                                                                          Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                          Access-Control-Max-Age: 86400
                                                                          Access-Control-Allow-Credentials: true
                                                                          Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                          Content-Type: text/plain; charset=UTF-8
                                                                          Date: Fri, 06 Sep 2024 10:32:12 GMT
                                                                          Server: Playlog
                                                                          Content-Length: 0
                                                                          X-XSS-Protection: 0
                                                                          X-Frame-Options: SAMEORIGIN
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          12 | 192.168.2.5 | 49746 | 184.28.90.27 | 443
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:32:12 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                          Connection: Keep-Alive
                                                                          Accept: */*
                                                                          Accept-Encoding: identity
                                                                          If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                          Range: bytes=0-2147483646
                                                                          User-Agent: Microsoft BITS/7.8
                                                                          Host: fs.microsoft.com
                                                                          2024-09-06 10:32:13 UTC | 514 | IN | HTTP/1.1 200 OK
                                                                          ApiVersion: Distribute 1.1
                                                                          Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                          Content-Type: application/octet-stream
                                                                          ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                          Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                          Server: ECAcc (lpl/EF06)
                                                                          X-CID: 11
                                                                          X-Ms-ApiVersion: Distribute 1.2
                                                                          X-Ms-Region: prod-weu-z1
                                                                          Cache-Control: public, max-age=25972
                                                                          Date: Fri, 06 Sep 2024 10:32:12 GMT
                                                                          Content-Length: 55
                                                                          Connection: close
                                                                          X-CID: 2
                                                                          2024-09-06 10:32:13 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                          Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          13 | 192.168.2.5 | 49749 | 142.251.41.4 | 443 | 7684 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:32:13 UTC | 881 | OUT | GET /favicon.ico HTTP/1.1
                                                                          Host: www.google.com
                                                                          Connection: keep-alive
                                                                          sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                                          sec-ch-ua-mobile: ?0
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                          sec-ch-ua-arch: "x86"
                                                                          sec-ch-ua-full-version: "117.0.5938.132"
                                                                          sec-ch-ua-platform-version: "10.0.0"
                                                                          sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                                                          sec-ch-ua-bitness: "64"
                                                                          sec-ch-ua-model: ""
                                                                          sec-ch-ua-wow64: ?0
                                                                          sec-ch-ua-platform: "Windows"
                                                                          Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                          Sec-Fetch-Site: same-site
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: image
                                                                          Referer: https://accounts.google.com/
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-06 10:32:13 UTC | 705 | IN | HTTP/1.1 200 OK
                                                                          Accept-Ranges: bytes
                                                                          Cross-Origin-Resource-Policy: cross-origin
                                                                          Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                                          Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                                          Content-Length: 5430
                                                                          X-Content-Type-Options: nosniff
                                                                          Server: sffe
                                                                          X-XSS-Protection: 0
                                                                          Date: Fri, 06 Sep 2024 09:49:34 GMT
                                                                          Expires: Sat, 14 Sep 2024 09:49:34 GMT
                                                                          Cache-Control: public, max-age=691200
                                                                          Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                                          Content-Type: image/x-icon
                                                                          Vary: Accept-Encoding
                                                                          Age: 2559
                                                                          Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                          Connection: close


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          14 | 192.168.2.5 | 49748 | 13.107.246.40 | 443 | 7684 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:32:13 UTC | 438 | OUT | GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-06 10:32:13 UTC | 522 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 06 Sep 2024 10:32:13 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1579
                                                                          Connection: close
                                                                          Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT
                                                                          ETag: 0x8DBDCB5DE99522A
                                                                          x-ms-request-id: b82236bc-001e-000a-3bd3-ff718e000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240906T103213Z-165795675762h26c6ze2t4q7600000000dx0000000003zxv
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          15 | 192.168.2.5 | 49753 | 13.107.246.40 | 443 | 7684 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:32:13 UTC | 431 | OUT | GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-06 10:32:13 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 06 Sep 2024 10:32:13 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1966
                                                                          Connection: close
                                                                          Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                                                          ETag: 0x8DBDCB5EC122A94
                                                                          x-ms-request-id: 25350ece-301e-002b-08d4-fa1cbf000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240906T103213Z-16579567576h9nndaeer0cv35w0000000dr0000000002qeb
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache-Info: L1_T2
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          16 | 192.168.2.5 | 49756 | 13.107.246.40 | 443 | 7684 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:32:13 UTC | 433 | OUT | GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-06 10:32:13 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                          Date: Fri, 06 Sep 2024 10:32:13 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1751
                                                                          Connection: close
                                                                          Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                                                          ETag: 0x8DBCEA8D5AACC85
                                                                          x-ms-request-id: 1e6d2d82-a01e-0061-7c30-fe2cd8000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240906T103213Z-16579567576phhfj0h0z9mnmag0000000dgg00000000fq7d
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache-Info: L1_T2
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          17 | 192.168.2.5 | 49752 | 13.107.246.40 | 443 | 7684 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:32:13 UTC | 433 | OUT | GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-06 10:32:13 UTC  536                IN         HTTP/1.1 200 OK
                                                                          Date: Fri, 06 Sep 2024 10:32:13 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1427
                                                                          Connection: close
                                                                          Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                                                          ETag: 0x8DBDCB5EF021F8E
                                                                          x-ms-request-id: 493a985f-801e-0076-6330-feecbb000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240906T103213Z-16579567576phhfj0h0z9mnmag0000000dg000000000gdb7
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache-Info: L1_T2
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                          18          192.168.2.5  49755        13.107.246.40   443               7684  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                          2024-09-06 10:32:13 UTC  430                OUT        GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-06 10:32:13 UTC  543                IN         HTTP/1.1 200 OK
                                                                          Date: Fri, 06 Sep 2024 10:32:13 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 2008
                                                                          Connection: close
                                                                          Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                                                          ETag: 0x8DBC9B5C0C17219
                                                                          x-ms-request-id: 99f39b71-d01e-004c-0354-ffaf18000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240906T103213Z-165795675762h26c6ze2t4q7600000000ds000000000eck4
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes


                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                          19          192.168.2.5  49754        13.107.246.40   443               7684  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                          2024-09-06 10:32:13 UTC  422                OUT        GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-06 10:32:13 UTC  536                IN         HTTP/1.1 200 OK
                                                                          Date: Fri, 06 Sep 2024 10:32:13 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 2229
                                                                          Connection: close
                                                                          Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                                                          ETag: 0x8DBD59359A9E77B
                                                                          x-ms-request-id: 453f1ddb-801e-005f-6ffe-fa9af9000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240906T103213Z-165795675762gt5gbs4b9bazh80000000dm0000000004n1x
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 0
                                                                          X-Cache-Info: L1_T2
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                          20          192.168.2.5  49758        13.107.246.40   443               7684  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                          2024-09-06 10:32:14 UTC  425                OUT        GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-06 10:32:14 UTC  543                IN         HTTP/1.1 200 OK
                                                                          Date: Fri, 06 Sep 2024 10:32:14 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1154
                                                                          Connection: close
                                                                          Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
                                                                          ETag: 0x8DBD5935D5B3965
                                                                          x-ms-request-id: d980f417-701e-004a-5a07-ff5860000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240906T103214Z-165795675762gt5gbs4b9bazh80000000dn00000000029y9
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes


                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                          21          192.168.2.5  49760        13.107.246.40   443               7684  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                          2024-09-06 10:32:14 UTC  431                OUT        GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-06 10:32:14 UTC  522                IN         HTTP/1.1 200 OK
                                                                          Date: Fri, 06 Sep 2024 10:32:14 GMT
                                                                          Content-Type: image/png
                                                                          Content-Length: 1468
                                                                          Connection: close
                                                                          Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
                                                                          ETag: 0x8DBDCB5E23DFC43
                                                                          x-ms-request-id: f8a0931b-601e-0038-3afc-fe295e000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240906T103214Z-16579567576mj4tcuw5tk3rrkw000000032g000000002w9v
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          Accept-Ranges: bytes


                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                          22          192.168.2.5  49764        13.107.246.40   443               7684  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                          2024-09-06 10:32:14 UTC  478                OUT        GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1
                                                                          Host: edgeassetservice.azureedge.net
                                                                          Connection: keep-alive
                                                                          Edge-Asset-Group: ProductCategories
                                                                          Sec-Fetch-Site: none
                                                                          Sec-Fetch-Mode: no-cors
                                                                          Sec-Fetch-Dest: empty
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-06 10:32:15 UTC  559                IN         HTTP/1.1 200 OK
                                                                          Date: Fri, 06 Sep 2024 10:32:14 GMT
                                                                          Content-Type: application/octet-stream
                                                                          Content-Length: 82989
                                                                          Connection: close
                                                                          Last-Modified: Thu, 25 May 2023 20:28:02 GMT
                                                                          ETag: 0x8DB5D5E89CE25EB
                                                                          x-ms-request-id: f9285315-801e-0010-24d3-ff5ee1000000
                                                                          x-ms-version: 2009-09-19
                                                                          x-ms-lease-status: unlocked
                                                                          x-ms-blob-type: BlockBlob
                                                                          x-azure-ref: 20240906T103214Z-16579567576l4p9bs8an1npq1n0000000dfg00000000bhn1
                                                                          Cache-Control: public, max-age=604800
                                                                          x-fd-int-roxy-purgeid: 69316365
                                                                          X-Cache: TCP_HIT
                                                                          X-Cache-Info: L1_T2
                                                                          Accept-Ranges: bytes


                                                                          Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                          23          192.168.2.5  49767        20.12.23.50     443
                                                                          Timestamp                Bytes transferred  Direction  Data
                                                                          2024-09-06 10:32:20 UTC  306                OUT        GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kRd+8N8XNlUL4Xo&MD=U1Kl3m5H HTTP/1.1
                                                                          Connection: Keep-Alive
                                                                          Accept: */*
                                                                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                          Host: slscr.update.microsoft.com
                                                                          2024-09-06 10:32:20 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Content-Type: application/octet-stream
                                                                          Expires: -1
                                                                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                          ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
                                                                          MS-CorrelationId: 1a0e2d45-9284-41db-9198-c32cda2891b3
                                                                          MS-RequestId: d21ce7f3-33d0-4410-9cf1-ad55cf53b8a3
                                                                          MS-CV: 7dI5qRlmI0OUxnWo.0
                                                                          X-Microsoft-SLSClientCache: 2880
                                                                          Content-Disposition: attachment; filename=environment.cab
                                                                          X-Content-Type-Options: nosniff
                                                                          Date: Fri, 06 Sep 2024 10:32:20 GMT
                                                                          Connection: close
                                                                          Content-Length: 24490


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          24 | 192.168.2.5 | 49955 | 13.85.23.86 | 443 | |
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:32:47 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=kRd+8N8XNlUL4Xo&MD=U1Kl3m5H HTTP/1.1
                                                                          Connection: Keep-Alive
                                                                          Accept: */*
                                                                          User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                          Host: slscr.update.microsoft.com
                                                                          2024-09-06 10:32:48 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                          Cache-Control: no-cache
                                                                          Pragma: no-cache
                                                                          Content-Type: application/octet-stream
                                                                          Expires: -1
                                                                          Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                          ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                          MS-CorrelationId: 2c03a7fc-3c2b-40d1-b821-7a0fd4fc647b
                                                                          MS-RequestId: 104f380b-e7ef-4713-a226-e8f6545fefc8
                                                                          MS-CV: P9oDytxP3kGLM2Fk.0
                                                                          X-Microsoft-SLSClientCache: 1440
                                                                          Content-Disposition: attachment; filename=environment.cab
                                                                          X-Content-Type-Options: nosniff
                                                                          Date: Fri, 06 Sep 2024 10:32:47 GMT
                                                                          Connection: close
                                                                          Content-Length: 30005


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                          25 | 192.168.2.5 | 49957 | 23.55.235.170 | 443 | 7684 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                          2024-09-06 10:33:07 UTC | 442 | OUT | OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                                                          Host: bzib.nelreports.net
                                                                          Connection: keep-alive
                                                                          Origin: https://business.bing.com
                                                                          Access-Control-Request-Method: POST
                                                                          Access-Control-Request-Headers: content-type
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                          Accept-Encoding: gzip, deflate, br
                                                                          Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                          2024-09-06 10:33:07 UTC | 331 | IN | HTTP/1.1 429 Too Many Requests
                                                                          Content-Length: 0
                                                                          Date: Fri, 06 Sep 2024 10:33:07 GMT
                                                                          Connection: close
                                                                          PMUSER_FORMAT_QS:
                                                                          X-CDN-TraceId: 0.a6eb3717.1725618787.2525b4d
                                                                          Access-Control-Allow-Credentials: false
                                                                          Access-Control-Allow-Methods: *
                                                                          Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                          Access-Control-Allow-Origin: *



                                                                          Target ID:0
                                                                          Start time:06:32:01
                                                                          Start date:06/09/2024
                                                                          Path:C:\Users\user\Desktop\file.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                                                          Imagebase:0xaf0000
                                                                          File size:917'504 bytes
                                                                          MD5 hash:DF302225C2EF4A150C48FA19BFA69EF1
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:low
                                                                          Has exited:true

                                                                          Target ID:1
                                                                          Start time:06:32:01
                                                                          Start date:06/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                          Imagebase:0x7ff6c1cf0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:2
                                                                          Start time:06:32:01
                                                                          Start date:06/09/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                          Imagebase:0x7ff79f9e0000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:4
                                                                          Start time:06:32:02
                                                                          Start date:06/09/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                                                          Imagebase:0x7ff79f9e0000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:true

                                                                          Target ID:6
                                                                          Start time:06:32:02
                                                                          Start date:06/09/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                          Imagebase:0x7ff79f9e0000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:false

                                                                          Target ID:7
                                                                          Start time:06:32:02
                                                                          Start date:06/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2068,i,5020802351370536998,15262219808379348083,262144 /prefetch:3
                                                                          Imagebase:0x7ff6c1cf0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:8
                                                                          Start time:06:32:02
                                                                          Start date:06/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                          Imagebase:0x7ff6c1cf0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:false

                                                                          Target ID:9
                                                                          Start time:06:32:03
                                                                          Start date:06/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2972 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:3
                                                                          Imagebase:0x7ff6c1cf0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:false

                                                                          Target ID:13
                                                                          Start time:06:32:07
                                                                          Start date:06/09/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2248 -parentBuildID 20230927232528 -prefsHandle 2192 -prefMapHandle 2184 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13c17ad6-1eb2-4955-9856-7bf69971fb7d} 2820 "\\.\pipe\gecko-crash-server-pipe.2820" 20d57b6e510 socket
                                                                          Imagebase:0x7ff79f9e0000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high
                                                                          Has exited:false

                                                                          Target ID:14
                                                                          Start time:06:32:08
                                                                          Start date:06/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6968 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8
                                                                          Imagebase:0x7ff6c1cf0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:15
                                                                          Start time:06:32:08
                                                                          Start date:06/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=7156 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8
                                                                          Imagebase:0x7ff6c1cf0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:true

                                                                          Target ID:16
                                                                          Start time:06:32:10
                                                                          Start date:06/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=7492 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8
                                                                          Imagebase:0x7ff6c1cf0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate
                                                                          Has exited:false

                                                                          Target ID:17
                                                                          Start time:06:32:10
                                                                          Start date:06/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7388 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8
                                                                          Imagebase:0x7ff6c1cf0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:18
                                                                          Start time:06:32:12
                                                                          Start date:06/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7372 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8
                                                                          Imagebase:0x7ff6c1cf0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:true

                                                                          Target ID:19
                                                                          Start time:06:32:12
                                                                          Start date:06/09/2024
                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4576 -parentBuildID 20230927232528 -prefsHandle 4568 -prefMapHandle 4564 -prefsLen 26338 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee4f6238-5873-40cd-9a85-d99669e8d9c0} 2820 "\\.\pipe\gecko-crash-server-pipe.2820" 20d6a8f4a10 rdd
                                                                          Imagebase:0x7ff79f9e0000
                                                                          File size:676'768 bytes
                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:false

                                                                          Target ID:23
                                                                          Start time:06:33:03
                                                                          Start date:06/09/2024
                                                                          Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=8232 --field-trial-handle=2044,i,8336330898998492933,5823720723646405335,262144 /prefetch:8
                                                                          Imagebase:0x7ff6c1cf0000
                                                                          File size:4'210'216 bytes
                                                                          MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                          Has elevated privileges:false
                                                                          Has administrator privileges:false
                                                                          Programmed in:C, C++ or other language
                                                                          Has exited:false


                                                                            Execution Graph

                                                                            Execution Coverage:1.9%
                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                            Signature Coverage:4.9%
                                                                            Total number of Nodes:1417
                                                                            Total number of Limit Nodes:50
b1f2c6 20 API calls _free 96364->96385 96387 b1f2c6 20 API calls _free 96366->96387 96367 b28643 96386 b1f2d9 20 API calls _free 96367->96386 96382 b28607 96370->96382 96371 b28693 96388 b1f2d9 20 API calls _free 96371->96388 96374 b2869b 96389 b227ec 26 API calls __fread_nolock 96374->96389 96375 b1e64c 96375->96334 96375->96341 96377->96330 96378->96334 96379->96350 96380->96359 96381->96361 96390 b28585 96382->96390 96384 b2862b 96384->96375 96385->96367 96386->96375 96387->96371 96388->96374 96389->96375 96391 b28591 ___BuildCatchObject 96390->96391 96401 b25147 EnterCriticalSection 96391->96401 96393 b2859f 96394 b285d1 96393->96394 96395 b285c6 96393->96395 96417 b1f2d9 20 API calls _free 96394->96417 96402 b286ae 96395->96402 96398 b285cc 96418 b285fb LeaveCriticalSection __wsopen_s 96398->96418 96400 b285ee __fread_nolock 96400->96384 96401->96393 96419 b253c4 96402->96419 96404 b286c4 96432 b25333 21 API calls 3 library calls 96404->96432 96406 b286be 96406->96404 96409 b253c4 __wsopen_s 26 API calls 96406->96409 96416 b286f6 96406->96416 96407 b253c4 __wsopen_s 26 API calls 96410 b28702 FindCloseChangeNotification 96407->96410 96408 b2871c 96415 b2873e 96408->96415 96433 b1f2a3 20 API calls 2 library calls 96408->96433 96411 b286ed 96409->96411 96410->96404 96413 b2870e GetLastError 96410->96413 96412 b253c4 __wsopen_s 26 API calls 96411->96412 96412->96416 96413->96404 96415->96398 96416->96404 96416->96407 96417->96398 96418->96400 96420 b253d1 96419->96420 96421 b253e6 96419->96421 96422 b1f2c6 __dosmaperr 20 API calls 96420->96422 96424 b1f2c6 __dosmaperr 20 API calls 96421->96424 96426 b2540b 96421->96426 96423 b253d6 96422->96423 96425 b1f2d9 _free 20 API calls 96423->96425 96427 b25416 96424->96427 96428 b253de 96425->96428 96426->96406 96429 b1f2d9 _free 20 API calls 96427->96429 96428->96406 96430 b2541e 96429->96430 96431 b227ec __fread_nolock 26 API calls 96430->96431 96431->96428 96432->96408 96433->96415 96434 aff7bf 96435 affcb6 96434->96435 
96436 aff7d3 96434->96436 96525 afaceb 23 API calls ISource 96435->96525 96438 affcc2 96436->96438 96439 b0fddb 22 API calls 96436->96439 96526 afaceb 23 API calls ISource 96438->96526 96441 aff7e5 96439->96441 96441->96438 96442 aff83e 96441->96442 96443 affd3d 96441->96443 96462 afed9d ISource 96442->96462 96469 b01310 96442->96469 96527 b61155 22 API calls 96443->96527 96446 b0fddb 22 API calls 96450 afec76 ISource 96446->96450 96447 b44beb 96533 b6359c 82 API calls __wsopen_s 96447->96533 96448 affef7 96448->96462 96529 afa8c7 22 API calls __fread_nolock 96448->96529 96450->96446 96450->96447 96450->96448 96452 b44b0b 96450->96452 96453 afa8c7 22 API calls 96450->96453 96454 aff3ae ISource 96450->96454 96455 b44600 96450->96455 96460 b10242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96450->96460 96450->96462 96463 affbe3 96450->96463 96464 afa961 22 API calls 96450->96464 96465 b100a3 29 API calls pre_c_initialization 96450->96465 96468 b101f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96450->96468 96523 b001e0 185 API calls 2 library calls 96450->96523 96524 b006a0 41 API calls ISource 96450->96524 96531 b6359c 82 API calls __wsopen_s 96452->96531 96453->96450 96454->96462 96530 b6359c 82 API calls __wsopen_s 96454->96530 96455->96462 96528 afa8c7 22 API calls __fread_nolock 96455->96528 96460->96450 96463->96454 96463->96462 96466 b44bdc 96463->96466 96464->96450 96465->96450 96532 b6359c 82 API calls __wsopen_s 96466->96532 96468->96450 96470 b017b0 96469->96470 96471 b01376 96469->96471 96548 b10242 5 API calls __Init_thread_wait 96470->96548 96473 b01390 96471->96473 96474 b46331 96471->96474 96478 b01940 9 API calls 96473->96478 96475 b4633d 96474->96475 96559 b7709c 185 API calls 96474->96559 96475->96450 96477 b017ba 96479 b017fb 96477->96479 96549 af9cb3 96477->96549 96480 b013a0 96478->96480 96484 b46346 96479->96484 96486 b0182c 96479->96486 96481 
b01940 9 API calls 96480->96481 96483 b013b6 96481->96483 96483->96479 96485 b013ec 96483->96485 96560 b6359c 82 API calls __wsopen_s 96484->96560 96485->96484 96509 b01408 __fread_nolock 96485->96509 96556 afaceb 23 API calls ISource 96486->96556 96489 b01839 96557 b0d217 185 API calls 96489->96557 96490 b017d4 96555 b101f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96490->96555 96493 b4636e 96561 b6359c 82 API calls __wsopen_s 96493->96561 96494 b0152f 96496 b463d1 96494->96496 96497 b0153c 96494->96497 96563 b75745 54 API calls _wcslen 96496->96563 96499 b01940 9 API calls 96497->96499 96500 b01549 96499->96500 96503 b464fa 96500->96503 96505 b01940 9 API calls 96500->96505 96501 b0fddb 22 API calls 96501->96509 96502 b0fe0b 22 API calls 96502->96509 96513 b46369 96503->96513 96565 b6359c 82 API calls __wsopen_s 96503->96565 96504 b01872 96558 b0faeb 23 API calls 96504->96558 96511 b01563 96505->96511 96508 afec40 185 API calls 96508->96509 96509->96489 96509->96493 96509->96494 96509->96501 96509->96502 96509->96508 96510 b463b2 96509->96510 96509->96513 96562 b6359c 82 API calls __wsopen_s 96510->96562 96511->96503 96516 b015c7 ISource 96511->96516 96564 afa8c7 22 API calls __fread_nolock 96511->96564 96513->96450 96515 b01940 9 API calls 96515->96516 96516->96503 96516->96504 96516->96513 96516->96515 96518 b0167b ISource 96516->96518 96534 b7ac5b 96516->96534 96537 b65c5a 96516->96537 96542 b7a2ea 96516->96542 96517 b0171d 96517->96450 96518->96517 96547 b0ce17 22 API calls ISource 96518->96547 96523->96450 96524->96450 96525->96438 96526->96443 96527->96462 96528->96462 96529->96462 96530->96462 96531->96462 96532->96447 96533->96462 96566 b7ad64 96534->96566 96536 b7ac6f 96536->96516 96538 af7510 53 API calls 96537->96538 96539 b65c6d 96538->96539 96625 b5dbbe lstrlenW 96539->96625 96541 b65c77 96541->96516 96543 af7510 53 API calls 96542->96543 96544 b7a306 96543->96544 96630 b5d4dc CreateToolhelp32Snapshot Process32FirstW 96544->96630 
96546 b7a315 96546->96516 96547->96518 96548->96477 96550 af9cc2 _wcslen 96549->96550 96551 b0fe0b 22 API calls 96550->96551 96552 af9cea __fread_nolock 96551->96552 96553 b0fddb 22 API calls 96552->96553 96554 af9d00 96553->96554 96554->96490 96555->96479 96556->96489 96557->96504 96558->96504 96559->96475 96560->96513 96561->96513 96562->96513 96563->96511 96564->96516 96565->96513 96567 afa961 22 API calls 96566->96567 96569 b7ad77 ___scrt_fastfail 96567->96569 96568 b7adce 96570 b7adee 96568->96570 96572 af7510 53 API calls 96568->96572 96569->96568 96571 af7510 53 API calls 96569->96571 96573 b7ae3a 96570->96573 96576 af7510 53 API calls 96570->96576 96574 b7adab 96571->96574 96575 b7ade4 96572->96575 96578 b7ae4d ___scrt_fastfail 96573->96578 96620 afb567 39 API calls 96573->96620 96574->96568 96579 af7510 53 API calls 96574->96579 96618 af7620 22 API calls _wcslen 96575->96618 96585 b7ae04 96576->96585 96594 af7510 96578->96594 96581 b7adc4 96579->96581 96617 af7620 22 API calls _wcslen 96581->96617 96585->96573 96586 af7510 53 API calls 96585->96586 96587 b7ae28 96586->96587 96587->96573 96619 afa8c7 22 API calls __fread_nolock 96587->96619 96589 b7aeb0 96590 b7aec8 96589->96590 96591 b7af35 GetProcessId 96589->96591 96590->96536 96592 b7af48 96591->96592 96593 b7af58 CloseHandle 96592->96593 96593->96590 96595 af7525 96594->96595 96596 af7522 ShellExecuteExW 96594->96596 96597 af752d 96595->96597 96598 af755b 96595->96598 96596->96589 96621 b151c6 26 API calls 96597->96621 96599 b350f6 96598->96599 96602 af756d 96598->96602 96610 b3500f 96598->96610 96624 b15183 26 API calls 96599->96624 96622 b0fb21 51 API calls 96602->96622 96603 af753d 96607 b0fddb 22 API calls 96603->96607 96604 b3510e 96604->96604 96608 af7547 96607->96608 96611 af9cb3 22 API calls 96608->96611 96609 b35088 96623 b0fb21 51 API calls 96609->96623 96610->96609 96612 b0fe0b 22 API calls 96610->96612 96611->96596 96613 b35058 96612->96613 96614 b0fddb 22 API calls 96613->96614 96615 
b3507f 96614->96615 96616 af9cb3 22 API calls 96615->96616 96616->96609 96617->96568 96618->96570 96619->96573 96620->96578 96621->96603 96622->96603 96623->96599 96624->96604 96626 b5dbdc GetFileAttributesW 96625->96626 96627 b5dc06 96625->96627 96626->96627 96628 b5dbe8 FindFirstFileW 96626->96628 96627->96541 96628->96627 96629 b5dbf9 FindClose 96628->96629 96629->96627 96640 b5def7 96630->96640 96632 b5d529 Process32NextW 96633 b5d5db FindCloseChangeNotification 96632->96633 96638 b5d522 96632->96638 96633->96546 96634 afa961 22 API calls 96634->96638 96635 af9cb3 22 API calls 96635->96638 96638->96632 96638->96633 96638->96634 96638->96635 96646 af525f 22 API calls 96638->96646 96647 af6350 22 API calls 96638->96647 96648 b0ce60 41 API calls 96638->96648 96641 b5df02 96640->96641 96642 b5df19 96641->96642 96645 b5df1f 96641->96645 96649 b163b2 GetStringTypeW _strftime 96641->96649 96650 b162fb 39 API calls _strftime 96642->96650 96645->96638 96646->96638 96647->96638 96648->96638 96649->96641 96650->96645 96651 b28402 96656 b281be 96651->96656 96654 b2842a 96661 b281ef try_get_first_available_module 96656->96661 96658 b283ee 96675 b227ec 26 API calls __fread_nolock 96658->96675 96660 b28343 96660->96654 96668 b30984 96660->96668 96661->96661 96667 b28338 96661->96667 96671 b18e0b 40 API calls 2 library calls 96661->96671 96663 b2838c 96663->96667 96672 b18e0b 40 API calls 2 library calls 96663->96672 96665 b283ab 96665->96667 96673 b18e0b 40 API calls 2 library calls 96665->96673 96667->96660 96674 b1f2d9 20 API calls _free 96667->96674 96676 b30081 96668->96676 96670 b3099f 96670->96654 96671->96663 96672->96665 96673->96667 96674->96658 96675->96660 96678 b3008d ___BuildCatchObject 96676->96678 96677 b3009b 96734 b1f2d9 20 API calls _free 96677->96734 96678->96677 96681 b300d4 96678->96681 96680 b300a0 96735 b227ec 26 API calls __fread_nolock 96680->96735 96687 b3065b 96681->96687 96686 b300aa __fread_nolock 96686->96670 96737 b3042f 96687->96737 96690 
b306a6 96755 b25221 96690->96755 96691 b3068d 96769 b1f2c6 20 API calls _free 96691->96769 96694 b306ab 96695 b306b4 96694->96695 96696 b306cb 96694->96696 96771 b1f2c6 20 API calls _free 96695->96771 96768 b3039a CreateFileW 96696->96768 96700 b306b9 96772 b1f2d9 20 API calls _free 96700->96772 96701 b300f8 96736 b30121 LeaveCriticalSection __wsopen_s 96701->96736 96703 b30781 GetFileType 96704 b307d3 96703->96704 96705 b3078c GetLastError 96703->96705 96777 b2516a 21 API calls 3 library calls 96704->96777 96775 b1f2a3 20 API calls 2 library calls 96705->96775 96706 b30692 96770 b1f2d9 20 API calls _free 96706->96770 96707 b30756 GetLastError 96774 b1f2a3 20 API calls 2 library calls 96707->96774 96709 b30704 96709->96703 96709->96707 96773 b3039a CreateFileW 96709->96773 96711 b3079a CloseHandle 96711->96706 96713 b307c3 96711->96713 96776 b1f2d9 20 API calls _free 96713->96776 96715 b30749 96715->96703 96715->96707 96717 b307f4 96719 b30840 96717->96719 96778 b305ab 72 API calls 4 library calls 96717->96778 96718 b307c8 96718->96706 96723 b3086d 96719->96723 96779 b3014d 72 API calls 4 library calls 96719->96779 96722 b30866 96722->96723 96724 b3087e 96722->96724 96725 b286ae __wsopen_s 29 API calls 96723->96725 96724->96701 96726 b308fc CloseHandle 96724->96726 96725->96701 96780 b3039a CreateFileW 96726->96780 96728 b30927 96729 b3095d 96728->96729 96730 b30931 GetLastError 96728->96730 96729->96701 96781 b1f2a3 20 API calls 2 library calls 96730->96781 96732 b3093d 96782 b25333 21 API calls 3 library calls 96732->96782 96734->96680 96735->96686 96736->96686 96738 b30450 96737->96738 96739 b3046a 96737->96739 96738->96739 96790 b1f2d9 20 API calls _free 96738->96790 96783 b303bf 96739->96783 96742 b3045f 96791 b227ec 26 API calls __fread_nolock 96742->96791 96744 b304a2 96746 b304d1 96744->96746 96792 b1f2d9 20 API calls _free 96744->96792 96745 b30524 96745->96690 96745->96691 96746->96745 96794 b1d70d 26 API calls 2 library calls 96746->96794 96749 b3051f 
96749->96745 96751 b3059e 96749->96751 96750 b304c6 96793 b227ec 26 API calls __fread_nolock 96750->96793 96795 b227fc 11 API calls _abort 96751->96795 96754 b305aa 96756 b2522d ___BuildCatchObject 96755->96756 96798 b22f5e EnterCriticalSection 96756->96798 96758 b2527b 96799 b2532a 96758->96799 96759 b25259 96762 b25000 __wsopen_s 21 API calls 96759->96762 96760 b25234 96760->96758 96760->96759 96765 b252c7 EnterCriticalSection 96760->96765 96764 b2525e 96762->96764 96763 b252a4 __fread_nolock 96763->96694 96764->96758 96802 b25147 EnterCriticalSection 96764->96802 96765->96758 96766 b252d4 LeaveCriticalSection 96765->96766 96766->96760 96768->96709 96769->96706 96770->96701 96771->96700 96772->96706 96773->96715 96774->96706 96775->96711 96776->96718 96777->96717 96778->96719 96779->96722 96780->96728 96781->96732 96782->96729 96784 b303d7 96783->96784 96785 b303f2 96784->96785 96796 b1f2d9 20 API calls _free 96784->96796 96785->96744 96787 b30416 96797 b227ec 26 API calls __fread_nolock 96787->96797 96789 b30421 96789->96744 96790->96742 96791->96739 96792->96750 96793->96746 96794->96749 96795->96754 96796->96787 96797->96789 96798->96760 96803 b22fa6 LeaveCriticalSection 96799->96803 96801 b25331 96801->96763 96802->96758 96803->96801 96804 b32402 96807 af1410 96804->96807 96808 af144f mciSendStringW 96807->96808 96809 b324b8 DestroyWindow 96807->96809 96810 af146b 96808->96810 96811 af16c6 96808->96811 96821 b324c4 96809->96821 96812 af1479 96810->96812 96810->96821 96811->96810 96813 af16d5 UnregisterHotKey 96811->96813 96840 af182e 96812->96840 96813->96811 96815 b32509 96822 b3252d 96815->96822 96823 b3251c FreeLibrary 96815->96823 96816 b324e2 FindClose 96816->96821 96817 b324d8 96817->96821 96846 af6246 CloseHandle 96817->96846 96819 af148e 96819->96822 96828 af149c 96819->96828 96821->96815 96821->96816 96821->96817 96824 b32541 VirtualFree 96822->96824 96831 af1509 96822->96831 96823->96815 96824->96822 96825 af14f8 OleUninitialize 96825->96831 96826 
b32589 96833 b32598 ISource 96826->96833 96847 b632eb 6 API calls ISource 96826->96847 96827 af1514 96830 af1524 96827->96830 96828->96825 96844 af1944 VirtualFreeEx CloseHandle 96830->96844 96831->96826 96831->96827 96836 b32627 96833->96836 96848 b564d4 22 API calls ISource 96833->96848 96835 af153a 96835->96833 96837 af161f 96835->96837 96836->96836 96837->96836 96845 af1876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 96837->96845 96839 af16c1 96841 af183b 96840->96841 96842 af1480 96841->96842 96849 b5702a 22 API calls 96841->96849 96842->96815 96842->96819 96844->96835 96845->96839 96846->96817 96847->96826 96848->96833 96849->96841 96850 b42a00 96865 afd7b0 ISource 96850->96865 96851 afdb11 PeekMessageW 96851->96865 96852 afd807 GetInputState 96852->96851 96852->96865 96854 b41cbe TranslateAcceleratorW 96854->96865 96855 afdb8f PeekMessageW 96855->96865 96856 afda04 timeGetTime 96856->96865 96857 afdb73 TranslateMessage DispatchMessageW 96857->96855 96858 afdbaf Sleep 96876 afdbc0 96858->96876 96859 b42b74 Sleep 96859->96876 96860 b0e551 timeGetTime 96860->96876 96861 b41dda timeGetTime 96891 b0e300 23 API calls 96861->96891 96863 b5d4dc 47 API calls 96863->96876 96864 b42c0b GetExitCodeProcess 96866 b42c37 CloseHandle 96864->96866 96867 b42c21 WaitForSingleObject 96864->96867 96865->96851 96865->96852 96865->96854 96865->96855 96865->96856 96865->96857 96865->96858 96865->96859 96865->96861 96870 afd9d5 96865->96870 96878 afec40 185 API calls 96865->96878 96879 b01310 185 API calls 96865->96879 96880 afbf40 185 API calls 96865->96880 96882 afdd50 96865->96882 96889 afdfd0 185 API calls 3 library calls 96865->96889 96890 b0edf6 IsDialogMessageW GetClassLongW 96865->96890 96892 b63a2a 23 API calls 96865->96892 96893 b6359c 82 API calls __wsopen_s 96865->96893 96866->96876 96867->96865 96867->96866 96868 b42a31 96868->96870 96869 b829bf GetForegroundWindow 96869->96876 96872 b42ca9 Sleep 96872->96865 96876->96860 96876->96863 
96876->96864 96876->96865 96876->96868 96876->96869 96876->96870 96876->96872 96894 b75658 23 API calls 96876->96894 96895 b5e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 96876->96895 96878->96865 96879->96865 96880->96865 96883 afdd6f 96882->96883 96884 afdd83 96882->96884 96896 afd260 96883->96896 96928 b6359c 82 API calls __wsopen_s 96884->96928 96887 afdd7a 96887->96865 96888 b42f75 96888->96888 96889->96865 96890->96865 96891->96865 96892->96865 96893->96865 96894->96876 96895->96876 96897 afec40 185 API calls 96896->96897 96916 afd29d 96897->96916 96898 b41bc4 96935 b6359c 82 API calls __wsopen_s 96898->96935 96900 afd3c3 96902 afd6d5 96900->96902 96904 afd3ce 96900->96904 96901 afd30b ISource 96901->96887 96902->96901 96912 b0fe0b 22 API calls 96902->96912 96903 afd5ff 96905 b41bb5 96903->96905 96906 afd614 96903->96906 96908 b0fddb 22 API calls 96904->96908 96934 b75705 23 API calls 96905->96934 96910 b0fddb 22 API calls 96906->96910 96907 afd4b8 96913 b0fe0b 22 API calls 96907->96913 96917 afd3d5 __fread_nolock 96908->96917 96920 afd46a 96910->96920 96911 b0fddb 22 API calls 96911->96916 96912->96917 96923 afd429 ISource __fread_nolock 96913->96923 96914 b0fddb 22 API calls 96915 afd3f6 96914->96915 96915->96923 96929 afbec0 185 API calls 96915->96929 96916->96898 96916->96900 96916->96901 96916->96902 96916->96907 96916->96911 96916->96923 96917->96914 96917->96915 96919 b41ba4 96933 b6359c 82 API calls __wsopen_s 96919->96933 96920->96887 96923->96903 96923->96919 96923->96920 96924 b41b7f 96923->96924 96926 b41b5d 96923->96926 96930 af1f6f 185 API calls 96923->96930 96932 b6359c 82 API calls __wsopen_s 96924->96932 96931 b6359c 82 API calls __wsopen_s 96926->96931 96928->96888 96929->96923 96930->96923 96931->96920 96932->96920 96933->96920 96934->96898 96935->96901 96936 af105b 96941 af344d 96936->96941 96938 af106a 96972 b100a3 29 API calls __onexit 96938->96972 96940 af1074 96942 af345d __wsopen_s 
96941->96942 96943 afa961 22 API calls 96942->96943 96944 af3513 96943->96944 96973 af3a5a 96944->96973 96946 af351c 96980 af3357 96946->96980 96951 af515f 22 API calls 96952 af3544 96951->96952 96953 afa961 22 API calls 96952->96953 96954 af354d 96953->96954 96955 afa6c3 22 API calls 96954->96955 96956 af3556 RegOpenKeyExW 96955->96956 96957 b33176 RegQueryValueExW 96956->96957 96961 af3578 96956->96961 96958 b33193 96957->96958 96959 b3320c RegCloseKey 96957->96959 96960 b0fe0b 22 API calls 96958->96960 96959->96961 96964 b3321e _wcslen 96959->96964 96962 b331ac 96960->96962 96961->96938 96963 af5722 22 API calls 96962->96963 96965 b331b7 RegQueryValueExW 96963->96965 96964->96961 96966 af4c6d 22 API calls 96964->96966 96970 af9cb3 22 API calls 96964->96970 96971 af515f 22 API calls 96964->96971 96967 b331d4 96965->96967 96969 b331ee ISource 96965->96969 96966->96964 96968 af6b57 22 API calls 96967->96968 96968->96969 96969->96959 96970->96964 96971->96964 96972->96940 96974 b31f50 __wsopen_s 96973->96974 96975 af3a67 GetModuleFileNameW 96974->96975 96976 af9cb3 22 API calls 96975->96976 96977 af3a8d 96976->96977 96978 af3aa2 23 API calls 96977->96978 96979 af3a97 96978->96979 96979->96946 96981 b31f50 __wsopen_s 96980->96981 96982 af3364 GetFullPathNameW 96981->96982 96983 af3386 96982->96983 96984 af6b57 22 API calls 96983->96984 96985 af33a4 96984->96985 96986 af33c6 96985->96986 96987 af33dd 96986->96987 96988 b330bb 96986->96988 96995 af33ee 96987->96995 96989 b0fddb 22 API calls 96988->96989 96992 b330c5 _wcslen 96989->96992 96991 af33e8 96991->96951 96993 b0fe0b 22 API calls 96992->96993 96994 b330fe __fread_nolock 96993->96994 96996 af33fe _wcslen 96995->96996 96997 b3311d 96996->96997 96998 af3411 96996->96998 97000 b0fddb 22 API calls 96997->97000 97005 afa587 96998->97005 97002 b33127 97000->97002 97001 af341e __fread_nolock 97001->96991 97003 b0fe0b 22 API calls 97002->97003 97004 b33157 __fread_nolock 97003->97004 97006 afa59d 97005->97006 97009 
afa598 __fread_nolock 97005->97009 97007 b0fe0b 22 API calls 97006->97007 97008 b3f80f 97006->97008 97007->97009 97009->97001 97010 b32ba5 97011 af2b25 97010->97011 97012 b32baf 97010->97012 97038 af2b83 7 API calls 97011->97038 97014 af3a5a 24 API calls 97012->97014 97015 b32bb8 97014->97015 97017 af9cb3 22 API calls 97015->97017 97020 b32bc6 97017->97020 97019 af2b2f 97028 af2b44 97019->97028 97042 af3837 97019->97042 97021 b32bf5 97020->97021 97022 b32bce 97020->97022 97025 af33c6 22 API calls 97021->97025 97024 af33c6 22 API calls 97022->97024 97026 b32bd9 97024->97026 97036 b32bf1 GetForegroundWindow ShellExecuteW 97025->97036 97056 af6350 22 API calls 97026->97056 97027 af2b5f 97034 af2b66 SetCurrentDirectoryW 97027->97034 97028->97027 97052 af30f2 97028->97052 97032 b32be7 97033 af33c6 22 API calls 97032->97033 97033->97036 97037 af2b7a 97034->97037 97035 b32c26 97035->97027 97036->97035 97057 af2cd4 7 API calls 97038->97057 97040 af2b2a 97041 af2c63 CreateWindowExW CreateWindowExW ShowWindow ShowWindow 97040->97041 97041->97019 97043 af3862 ___scrt_fastfail 97042->97043 97058 af4212 97043->97058 97046 af38e8 97048 b33386 Shell_NotifyIconW 97046->97048 97049 af3906 Shell_NotifyIconW 97046->97049 97062 af3923 97049->97062 97051 af391c 97051->97028 97053 af3154 97052->97053 97054 af3104 ___scrt_fastfail 97052->97054 97053->97027 97055 af3123 Shell_NotifyIconW 97054->97055 97055->97053 97056->97032 97057->97040 97059 b335a4 97058->97059 97060 af38b7 97058->97060 97059->97060 97061 b335ad DestroyIcon 97059->97061 97060->97046 97084 b5c874 42 API calls _strftime 97060->97084 97061->97060 97063 af393f 97062->97063 97064 af3a13 97062->97064 97085 af6270 97063->97085 97064->97051 97067 b33393 LoadStringW 97071 b333ad 97067->97071 97068 af395a 97069 af6b57 22 API calls 97068->97069 97070 af396f 97069->97070 97072 af397c 97070->97072 97073 b333c9 97070->97073 97078 af3994 ___scrt_fastfail 97071->97078 97091 afa8c7 22 API calls __fread_nolock 97071->97091 97072->97071 
97075 af3986 97072->97075 97092 af6350 22 API calls 97073->97092 97090 af6350 22 API calls 97075->97090 97081 af39f9 Shell_NotifyIconW 97078->97081 97079 b333d7 97079->97078 97080 af33c6 22 API calls 97079->97080 97082 b333f9 97080->97082 97081->97064 97083 af33c6 22 API calls 97082->97083 97083->97078 97084->97046 97086 b0fe0b 22 API calls 97085->97086 97087 af6295 97086->97087 97088 b0fddb 22 API calls 97087->97088 97089 af394d 97088->97089 97089->97067 97089->97068 97090->97078 97091->97078 97092->97079 97093 af1098 97098 af42de 97093->97098 97097 af10a7 97099 afa961 22 API calls 97098->97099 97100 af42f5 GetVersionExW 97099->97100 97101 af6b57 22 API calls 97100->97101 97102 af4342 97101->97102 97103 af93b2 22 API calls 97102->97103 97108 af4378 97102->97108 97104 af436c 97103->97104 97106 af37a0 22 API calls 97104->97106 97105 af441b GetCurrentProcess IsWow64Process 97107 af4437 97105->97107 97106->97108 97110 af444f LoadLibraryA 97107->97110 97111 b33824 GetSystemInfo 97107->97111 97108->97105 97109 b337df 97108->97109 97112 af449c GetSystemInfo 97110->97112 97113 af4460 GetProcAddress 97110->97113 97114 af4476 97112->97114 97113->97112 97115 af4470 GetNativeSystemInfo 97113->97115 97116 af447a FreeLibrary 97114->97116 97117 af109d 97114->97117 97115->97114 97116->97117 97118 b100a3 29 API calls __onexit 97117->97118 97118->97097 97119 af2e37 97120 afa961 22 API calls 97119->97120 97121 af2e4d 97120->97121 97198 af4ae3 97121->97198 97123 af2e6b 97124 af3a5a 24 API calls 97123->97124 97125 af2e7f 97124->97125 97126 af9cb3 22 API calls 97125->97126 97127 af2e8c 97126->97127 97128 af4ecb 94 API calls 97127->97128 97129 af2ea5 97128->97129 97130 af2ead 97129->97130 97131 b32cb0 97129->97131 97212 afa8c7 22 API calls __fread_nolock 97130->97212 97132 b62cf9 80 API calls 97131->97132 97133 b32cc3 97132->97133 97134 b32ccf 97133->97134 97136 af4f39 68 API calls 97133->97136 97140 af4f39 68 API calls 97134->97140 97136->97134 97137 af2ec3 97213 af6f88 22 API calls 
97137->97213 97139 af2ecf 97141 af9cb3 22 API calls 97139->97141 97142 b32ce5 97140->97142 97143 af2edc 97141->97143 97230 af3084 22 API calls 97142->97230 97214 afa81b 41 API calls 97143->97214 97146 af2eec 97148 af9cb3 22 API calls 97146->97148 97147 b32d02 97231 af3084 22 API calls 97147->97231 97150 af2f12 97148->97150 97215 afa81b 41 API calls 97150->97215 97151 b32d1e 97153 af3a5a 24 API calls 97151->97153 97154 b32d44 97153->97154 97232 af3084 22 API calls 97154->97232 97155 af2f21 97157 afa961 22 API calls 97155->97157 97159 af2f3f 97157->97159 97158 b32d50 97233 afa8c7 22 API calls __fread_nolock 97158->97233 97216 af3084 22 API calls 97159->97216 97162 b32d5e 97234 af3084 22 API calls 97162->97234 97163 af2f4b 97217 b14a28 40 API calls 3 library calls 97163->97217 97166 b32d6d 97235 afa8c7 22 API calls __fread_nolock 97166->97235 97167 af2f59 97167->97142 97168 af2f63 97167->97168 97218 b14a28 40 API calls 3 library calls 97168->97218 97171 b32d83 97236 af3084 22 API calls 97171->97236 97172 af2f6e 97172->97147 97174 af2f78 97172->97174 97219 b14a28 40 API calls 3 library calls 97174->97219 97175 b32d90 97177 af2f83 97177->97151 97178 af2f8d 97177->97178 97220 b14a28 40 API calls 3 library calls 97178->97220 97180 af2fdc 97180->97166 97182 af2fe8 97180->97182 97181 af2f98 97181->97180 97221 af3084 22 API calls 97181->97221 97182->97175 97224 af63eb 22 API calls 97182->97224 97184 af2fbf 97222 afa8c7 22 API calls __fread_nolock 97184->97222 97187 af2ff8 97225 af6a50 22 API calls 97187->97225 97188 af2fcd 97223 af3084 22 API calls 97188->97223 97191 af3006 97226 af70b0 23 API calls 97191->97226 97195 af3021 97196 af3065 97195->97196 97227 af6f88 22 API calls 97195->97227 97228 af70b0 23 API calls 97195->97228 97229 af3084 22 API calls 97195->97229 97199 af4af0 __wsopen_s 97198->97199 97200 af6b57 22 API calls 97199->97200 97201 af4b22 97199->97201 97200->97201 97208 af4b58 97201->97208 97237 af4c6d 97201->97237 97203 af4c6d 22 API calls 97203->97208 97204 
af9cb3 22 API calls 97206 af4c52 97204->97206 97205 af9cb3 22 API calls 97205->97208 97207 af515f 22 API calls 97206->97207 97210 af4c5e 97207->97210 97208->97203 97208->97205 97209 af515f 22 API calls 97208->97209 97211 af4c29 97208->97211 97209->97208 97210->97123 97211->97204 97211->97210 97212->97137 97213->97139 97214->97146 97215->97155 97216->97163 97217->97167 97218->97172 97219->97177 97220->97181 97221->97184 97222->97188 97223->97180 97224->97187 97225->97191 97226->97195 97227->97195 97228->97195 97229->97195 97230->97147 97231->97151 97232->97158 97233->97162 97234->97166 97235->97171 97236->97175 97238 afaec9 22 API calls 97237->97238 97239 af4c78 97238->97239 97239->97201 97240 af3156 97243 af3170 97240->97243 97244 af3187 97243->97244 97245 af318c 97244->97245 97246 af31eb 97244->97246 97283 af31e9 97244->97283 97250 af3199 97245->97250 97251 af3265 PostQuitMessage 97245->97251 97248 b32dfb 97246->97248 97249 af31f1 97246->97249 97247 af31d0 DefWindowProcW 97285 af316a 97247->97285 97291 af18e2 10 API calls 97248->97291 97252 af321d SetTimer RegisterWindowMessageW 97249->97252 97253 af31f8 97249->97253 97255 af31a4 97250->97255 97256 b32e7c 97250->97256 97251->97285 97261 af3246 CreatePopupMenu 97252->97261 97252->97285 97258 af3201 KillTimer 97253->97258 97259 b32d9c 97253->97259 97262 af31ae 97255->97262 97263 b32e68 97255->97263 97295 b5bf30 34 API calls ___scrt_fastfail 97256->97295 97269 af30f2 Shell_NotifyIconW 97258->97269 97267 b32da1 97259->97267 97268 b32dd7 MoveWindow 97259->97268 97260 b32e1c 97292 b0e499 42 API calls 97260->97292 97261->97285 97264 af31b9 97262->97264 97265 b32e4d 97262->97265 97294 b5c161 27 API calls ___scrt_fastfail 97263->97294 97272 af3253 97264->97272 97277 af31c4 97264->97277 97265->97247 97293 b50ad7 22 API calls 97265->97293 97266 b32e8e 97266->97247 97266->97285 97273 b32da7 97267->97273 97274 b32dc6 SetFocus 97267->97274 97268->97285 97275 af3214 97269->97275 97289 af326f 44 API calls ___scrt_fastfail 
97272->97289 97273->97277 97278 b32db0 97273->97278 97274->97285 97288 af3c50 DeleteObject DestroyWindow 97275->97288 97277->97247 97284 af30f2 Shell_NotifyIconW 97277->97284 97290 af18e2 10 API calls 97278->97290 97281 af3263 97281->97285 97283->97247 97286 b32e41 97284->97286 97287 af3837 49 API calls 97286->97287 97287->97283 97288->97285 97289->97281 97290->97285 97291->97260 97292->97277 97293->97283 97294->97281 97295->97266 97296 af1033 97301 af4c91 97296->97301 97300 af1042 97302 afa961 22 API calls 97301->97302 97303 af4cff 97302->97303 97309 af3af0 97303->97309 97306 af4d9c 97307 af1038 97306->97307 97312 af51f7 22 API calls __fread_nolock 97306->97312 97308 b100a3 29 API calls __onexit 97307->97308 97308->97300 97313 af3b1c 97309->97313 97312->97306 97314 af3b0f 97313->97314 97315 af3b29 97313->97315 97314->97306 97315->97314 97316 af3b30 RegOpenKeyExW 97315->97316 97316->97314 97317 af3b4a RegQueryValueExW 97316->97317 97318 af3b6b 97317->97318 97319 af3b80 RegCloseKey 97317->97319 97318->97319 97319->97314

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetVersionExW.KERNEL32(?), ref: 00AF430D
                                                                              • Part of subcall function 00AF6B57: _wcslen.LIBCMT ref: 00AF6B6A
                                                                            • GetCurrentProcess.KERNEL32(?,00B8CB64,00000000,?,?), ref: 00AF4422
                                                                            • IsWow64Process.KERNEL32(00000000,?,?), ref: 00AF4429
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00AF4454
                                                                            • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00AF4466
                                                                            • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00AF4474
                                                                            • FreeLibrary.KERNEL32(00000000,?,?), ref: 00AF447B
                                                                            • GetSystemInfo.KERNEL32(?,?,?), ref: 00AF44A0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                            • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                            • API String ID: 3290436268-3101561225

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00AF50AA,?,?,00000000,00000000), ref: 00AF42B2
                                                                            • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00AF50AA,?,?,00000000,00000000), ref: 00AF42C9
                                                                            • LoadResource.KERNEL32(?,00000000,?,?,00AF50AA,?,?,00000000,00000000,?,?,?,?,?,?,00AF4F20), ref: 00B335BE
                                                                            • SizeofResource.KERNEL32(?,00000000,?,?,00AF50AA,?,?,00000000,00000000,?,?,?,?,?,?,00AF4F20), ref: 00B335D3
                                                                            • LockResource.KERNEL32(00AF50AA,?,?,00AF50AA,?,?,00000000,00000000,?,?,?,?,?,?,00AF4F20,?), ref: 00B335E6
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                            • String ID: SCRIPT
                                                                            • API String ID: 3051347437-3967369404

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00AF2B6B
                                                                              • Part of subcall function 00AF3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00BC1418,?,00AF2E7F,?,?,?,00000000), ref: 00AF3A78
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                            • GetForegroundWindow.USER32(runas,?,?,?,?,?,00BB2224), ref: 00B32C10
                                                                            • ShellExecuteW.SHELL32(00000000,?,?,00BB2224), ref: 00B32C17
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                            • String ID: runas
                                                                            • API String ID: 448630720-4000483414

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 00B5D501
                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 00B5D50F
                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 00B5D52F
                                                                            • FindCloseChangeNotification.KERNEL32(00000000), ref: 00B5D5DC
                                                                            Similarity
                                                                            • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                                            • String ID:
                                                                            • API String ID: 3243318325-0

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • lstrlenW.KERNEL32(?,00B35222), ref: 00B5DBCE
                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00B5DBDD
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00B5DBEE
                                                                            • FindClose.KERNEL32(00000000), ref: 00B5DBFA
                                                                            Similarity
                                                                            • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                            • String ID:
                                                                            • API String ID: 2695905019-0
                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32(00B228E9,?,00B14CBE,00B228E9,00BB88B8,0000000C,00B14E15,00B228E9,00000002,00000000,?,00B228E9), ref: 00B14D09
                                                                            • TerminateProcess.KERNEL32(00000000,?,00B14CBE,00B228E9,00BB88B8,0000000C,00B14E15,00B228E9,00000002,00000000,?,00B228E9), ref: 00B14D10
                                                                            • ExitProcess.KERNEL32 ref: 00B14D22
                                                                            Similarity
                                                                            • API ID: Process$CurrentExitTerminate
                                                                            • String ID:
                                                                            • API String ID: 1703294689-0
                                                                            APIs
                                                                            • GetInputState.USER32 ref: 00AFD807
                                                                            • timeGetTime.WINMM ref: 00AFDA07
                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AFDB28
                                                                            • TranslateMessage.USER32(?), ref: 00AFDB7B
                                                                            • DispatchMessageW.USER32(?), ref: 00AFDB89
                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00AFDB9F
                                                                            • Sleep.KERNEL32(0000000A), ref: 00AFDBB1
                                                                            Similarity
                                                                            • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                            • String ID:
                                                                            • API String ID: 2189390790-0

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00AF2D07
                                                                            • RegisterClassExW.USER32(00000030), ref: 00AF2D31
                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00AF2D42
                                                                            • InitCommonControlsEx.COMCTL32(?), ref: 00AF2D5F
                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00AF2D6F
                                                                            • LoadIconW.USER32(000000A9), ref: 00AF2D85
                                                                            • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00AF2D94
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                            • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                            • API String ID: 2914291525-1005189915

                                                                            Control-flow Graph

                                                                            APIs
                                                                              • Part of subcall function 00B3039A: CreateFileW.KERNEL32(00000000,00000000,?,00B30704,?,?,00000000,?,00B30704,00000000,0000000C), ref: 00B303B7
                                                                            • GetLastError.KERNEL32 ref: 00B3076F
                                                                            • __dosmaperr.LIBCMT ref: 00B30776
                                                                            • GetFileType.KERNEL32(00000000), ref: 00B30782
                                                                            • GetLastError.KERNEL32 ref: 00B3078C
                                                                            • __dosmaperr.LIBCMT ref: 00B30795
                                                                            • CloseHandle.KERNEL32(00000000), ref: 00B307B5
                                                                            • CloseHandle.KERNEL32(?), ref: 00B308FF
                                                                            • GetLastError.KERNEL32 ref: 00B30931
                                                                            • __dosmaperr.LIBCMT ref: 00B30938
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                            • String ID: H
                                                                            • API String ID: 4237864984-2852464175
                                                                            • Opcode ID: 405381f633c19402c286c188c0b8de4a0fa7a325c81b2b342346ca2d95123c57
                                                                            • Instruction ID: a52854ae45fc2fb27bb83c3deb93b22cafd268e8645982781f0b8934108f81e5
                                                                            • Opcode Fuzzy Hash: 405381f633c19402c286c188c0b8de4a0fa7a325c81b2b342346ca2d95123c57
                                                                            • Instruction Fuzzy Hash: 22A1F832A241198FDF19BF68D861BAD7BE0EF4A320F24019DF8159B291DB319D52CB91

                                                                            Control-flow Graph

                                                                            APIs
                                                                              • Part of subcall function 00AF3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00BC1418,?,00AF2E7F,?,?,?,00000000), ref: 00AF3A78
                                                                              • Part of subcall function 00AF3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00AF3379
                                                                            • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00AF356A
                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00B3318D
                                                                            • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00B331CE
                                                                            • RegCloseKey.ADVAPI32(?), ref: 00B33210
                                                                            • _wcslen.LIBCMT ref: 00B33277
                                                                            • _wcslen.LIBCMT ref: 00B33286
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                            • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                            • API String ID: 98802146-2727554177
                                                                            • Opcode ID: 2fdaf3c6cf292ebc14d781e900869dce1d9f033836caf038c95cc5a269ec7581
                                                                            • Instruction ID: 770b4ff5595a04a50fbff19bd4cf3c4de2823b5ec03068297eee79b16b59ce0f
                                                                            • Opcode Fuzzy Hash: 2fdaf3c6cf292ebc14d781e900869dce1d9f033836caf038c95cc5a269ec7581
                                                                            • Instruction Fuzzy Hash: F9718B725043459EC314EFA5DC82DABBBE8FF88740F50096EF585831A0EF749A48CB66

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00AF2B8E
                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00AF2B9D
                                                                            • LoadIconW.USER32(00000063), ref: 00AF2BB3
                                                                            • LoadIconW.USER32(000000A4), ref: 00AF2BC5
                                                                            • LoadIconW.USER32(000000A2), ref: 00AF2BD7
                                                                            • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00AF2BEF
                                                                            • RegisterClassExW.USER32(?), ref: 00AF2C40
                                                                              • Part of subcall function 00AF2CD4: GetSysColorBrush.USER32(0000000F), ref: 00AF2D07
                                                                              • Part of subcall function 00AF2CD4: RegisterClassExW.USER32(00000030), ref: 00AF2D31
                                                                              • Part of subcall function 00AF2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00AF2D42
                                                                              • Part of subcall function 00AF2CD4: InitCommonControlsEx.COMCTL32(?), ref: 00AF2D5F
                                                                              • Part of subcall function 00AF2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00AF2D6F
                                                                              • Part of subcall function 00AF2CD4: LoadIconW.USER32(000000A9), ref: 00AF2D85
                                                                              • Part of subcall function 00AF2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00AF2D94
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                            • String ID: #$0$AutoIt v3
                                                                            • API String ID: 423443420-4155596026
                                                                            • Opcode ID: b94d591046be59c19cabc9e763e025098234ef80094473a0a72745898f4cde77
                                                                            • Instruction ID: eb7b1828f69cc8ac784a15a728a53b93a07aa46f93f7c17b8a02f9e58cf61a57
                                                                            • Opcode Fuzzy Hash: b94d591046be59c19cabc9e763e025098234ef80094473a0a72745898f4cde77
                                                                            • Instruction Fuzzy Hash: 692128B5A00358ABDB10DFA9EC45EA97FB4FB8DB54F00041AE600B76A1DBB54950CF98

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00AF316A,?,?), ref: 00AF31D8
                                                                            • KillTimer.USER32(?,00000001,?,?,?,?,?,00AF316A,?,?), ref: 00AF3204
                                                                            • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00AF3227
                                                                            • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00AF316A,?,?), ref: 00AF3232
                                                                            • CreatePopupMenu.USER32 ref: 00AF3246
                                                                            • PostQuitMessage.USER32(00000000), ref: 00AF3267
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                            • String ID: TaskbarCreated
                                                                            • API String ID: 129472671-2362178303
                                                                            • Opcode ID: 795c8ead32d44a9d87d748e7ed7f03ead95da41af3ad2aa5f40a81b0e1ae5e8c
                                                                            • Instruction ID: fa02c57b1964801746d53e2662ff1c07d4c4fb1f46133ac369abed83b4e1a43d
                                                                            • Opcode Fuzzy Hash: 795c8ead32d44a9d87d748e7ed7f03ead95da41af3ad2aa5f40a81b0e1ae5e8c
                                                                            • Instruction Fuzzy Hash: 60412937240208A6DF142FFC9D09FB93AA5E75A344F140569FB16972A2CF71CE41C7A5

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00AF1459
                                                                            • OleUninitialize.OLE32(?,00000000), ref: 00AF14F8
                                                                            • UnregisterHotKey.USER32(?), ref: 00AF16DD
                                                                            • DestroyWindow.USER32(?), ref: 00B324B9
                                                                            • FreeLibrary.KERNEL32(?), ref: 00B3251E
                                                                            • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00B3254B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                            • String ID: close all
                                                                            • API String ID: 469580280-3243417748
                                                                            • Opcode ID: f76676f09197b2bc51574d6c8df48afa911f9629622aa06d7d04f307ac1a53c7
                                                                            • Instruction ID: 737a2c24a92cc7cc6667c62bcc7a3ac4c0ff11c04621f3ec73c1d50ccfacb355
                                                                            • Opcode Fuzzy Hash: f76676f09197b2bc51574d6c8df48afa911f9629622aa06d7d04f307ac1a53c7
                                                                            • Instruction Fuzzy Hash: 9CD14871701212CFCB29EF55C999A29F7A0BF05740F2542EDE64AAB261DB30AD12CF91

                                                                            Control-flow Graph

                                                                            control_flow_graph 651 af2c63-af2cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                            APIs
                                                                            • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00AF2C91
                                                                            • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00AF2CB2
                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00AF1CAD,?), ref: 00AF2CC6
                                                                            • ShowWindow.USER32(00000000,?,?,?,?,?,?,00AF1CAD,?), ref: 00AF2CCF
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$CreateShow
                                                                            • String ID: AutoIt v3$edit
                                                                            • API String ID: 1584632944-3779509399
                                                                            • Opcode ID: c461fd3c48b5f864ab818fd9714e07fbf1a44c2feb2c4ae721d4a4c0e3063449
                                                                            • Instruction ID: 2ddcedbfb9c639e913a22e9e769842f4892801cb07ac4eb5a432bafd16fac350
                                                                            • Opcode Fuzzy Hash: c461fd3c48b5f864ab818fd9714e07fbf1a44c2feb2c4ae721d4a4c0e3063449
                                                                            • Instruction Fuzzy Hash: 1FF0D4B56402D07AEB311B2BAC08E772EBDD7CBF64B01049AF904A35B1CA751850DAB8

                                                                            Control-flow Graph

                                                                            APIs
                                                                            • ShellExecuteExW.SHELL32(0000003C), ref: 00B7AEA3
                                                                              • Part of subcall function 00AF7620: _wcslen.LIBCMT ref: 00AF7625
                                                                            • GetProcessId.KERNEL32(00000000), ref: 00B7AF38
                                                                            • CloseHandle.KERNEL32(00000000), ref: 00B7AF67
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                            • String ID: <$@
                                                                            • API String ID: 146682121-1426351568
                                                                            • Opcode ID: 8fa45b94ca248677ab2d5d94323e379a57a07804f7015ff48cb2e17ef61e5ead
                                                                            • Instruction ID: 03e3a7398cf660a70e4d56f67be8bbd49b5bbd8fa8fa5793fa043f919b18ed83
                                                                            • Opcode Fuzzy Hash: 8fa45b94ca248677ab2d5d94323e379a57a07804f7015ff48cb2e17ef61e5ead
                                                                            • Instruction Fuzzy Hash: 25716D71A00619DFCB14DF94C584AAEBBF0FF48314F148499E86AAB3A2C774ED45CB91

                                                                            Control-flow Graph

                                                                            [Figure: control-flow graph of the function at af3b1c, with nodes calling RegOpenKeyExW, RegQueryValueExW and RegCloseKey; legend: Executed / Not Executed]
                                                                            APIs
                                                                            • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00AF3B0F,SwapMouseButtons,00000004,?), ref: 00AF3B40
                                                                            • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00AF3B0F,SwapMouseButtons,00000004,?), ref: 00AF3B61
                                                                            • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00AF3B0F,SwapMouseButtons,00000004,?), ref: 00AF3B83
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CloseOpenQueryValue
                                                                            • String ID: Control Panel\Mouse
                                                                            • API String ID: 3677997916-824357125
                                                                            • Opcode ID: 5f79c5da29d13c25e92956a27f5b4214874c7955b33806e638e942bb93e50308
                                                                            • Instruction ID: 6e90b99bade49693dc89a345d729ef360be93ef1ec718958555d793c95693f2b
                                                                            • Opcode Fuzzy Hash: 5f79c5da29d13c25e92956a27f5b4214874c7955b33806e638e942bb93e50308
                                                                            • Instruction Fuzzy Hash: 58112AB6511209FFDF218FA5DC54ABEBBB8EF04784B10445AB906D7120D6719E409760
                                                                            APIs
                                                                            • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00B333A2
                                                                              • Part of subcall function 00AF6B57: _wcslen.LIBCMT ref: 00AF6B6A
                                                                            • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00AF3A04
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: IconLoadNotifyShell_String_wcslen
                                                                            • String ID: Line:
                                                                            • API String ID: 2289894680-1585850449
                                                                            • Opcode ID: c8055e16f3116633c8a0d9e719ba214a896814e840d940f64586b5a6369d7057
                                                                            • Instruction ID: 3ef75aee57dcde96155062d4302329fa540fa947cae0f71a42d904cb9d012839
                                                                            • Opcode Fuzzy Hash: c8055e16f3116633c8a0d9e719ba214a896814e840d940f64586b5a6369d7057
                                                                            • Instruction Fuzzy Hash: FB312672408308AAC721EB54DC45FFBB7E8AB85754F10496EF69993091DF709A48C7C6
                                                                            APIs
                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00B10668
                                                                              • Part of subcall function 00B132A4: RaiseException.KERNEL32(?,?,?,00B1068A,?,00BC1444,?,?,?,?,?,?,00B1068A,00AF1129,00BB8738,00AF1129), ref: 00B13304
                                                                            • __CxxThrowException@8.LIBVCRUNTIME ref: 00B10685
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Exception@8Throw$ExceptionRaise
                                                                            • String ID: Unknown exception
                                                                            • API String ID: 3476068407-410509341
                                                                            • Opcode ID: a3c6735ba6aa635ea325742791a28b2c4e8b6540136762f78df2f7d7352b13fe
                                                                            • Instruction ID: 8736afd89de85dd36f93123c5b76f2f62057e2c98143d1a1290249cbaf27c1f7
                                                                            • Opcode Fuzzy Hash: a3c6735ba6aa635ea325742791a28b2c4e8b6540136762f78df2f7d7352b13fe
                                                                            • Instruction Fuzzy Hash: 05F0683490020DB7CB14B664D886CED7BED9E40750BE045F1B914959E5EFB1DAD5C6C0
                                                                            APIs
                                                                              • Part of subcall function 00AF1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00AF1BF4
                                                                              • Part of subcall function 00AF1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00AF1BFC
                                                                              • Part of subcall function 00AF1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00AF1C07
                                                                              • Part of subcall function 00AF1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00AF1C12
                                                                              • Part of subcall function 00AF1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00AF1C1A
                                                                              • Part of subcall function 00AF1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00AF1C22
                                                                              • Part of subcall function 00AF1B4A: RegisterWindowMessageW.USER32(00000004,?,00AF12C4), ref: 00AF1BA2
                                                                            • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00AF136A
                                                                            • OleInitialize.OLE32 ref: 00AF1388
                                                                            • CloseHandle.KERNEL32(00000000,00000000), ref: 00B324AB
                                                                            Similarity
                                                                            • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                            • String ID:
                                                                            • API String ID: 1986988660-0
                                                                            • Opcode ID: 2cd7db40df89d67ee5325919a0000c06fe30dd27116a52a8d10cb9b9ebf91322
                                                                            • Instruction ID: 0f01af25e1470cd4b38db2a16128f101e1fbffc7aa4c670c8104aaa21a1f355d
                                                                            • Opcode Fuzzy Hash: 2cd7db40df89d67ee5325919a0000c06fe30dd27116a52a8d10cb9b9ebf91322
                                                                            • Instruction Fuzzy Hash: 2271AEB59152048EC384EF7DA945E653AE4BBAE3407548AAEE51AF7373EF308401CF54
                                                                            APIs
                                                                            • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,00B285CC,?,00BB8CC8,0000000C), ref: 00B28704
                                                                            • GetLastError.KERNEL32(?,00B285CC,?,00BB8CC8,0000000C), ref: 00B2870E
                                                                            • __dosmaperr.LIBCMT ref: 00B28739
                                                                            Similarity
                                                                            • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                            • String ID:
                                                                            • API String ID: 490808831-0
                                                                            • Opcode ID: fe0e93617d448b2bb065138627df96ea771103d5d8943ce4e3b64d9e1753bb43
                                                                            • Instruction ID: 16e10d933db602032e2d7775e25be6aa5c981ef356ea2a5a92789d3ee799c522
                                                                            • Opcode Fuzzy Hash: fe0e93617d448b2bb065138627df96ea771103d5d8943ce4e3b64d9e1753bb43
                                                                            • Instruction Fuzzy Hash: AE012B3260663026D636A234B849B7E6BD98B91775F3902D9F81D8B1E3DEB08C81C294
                                                                            APIs
                                                                            • __Init_thread_footer.LIBCMT ref: 00B017F6
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Init_thread_footer
                                                                            • String ID: CALL
                                                                            • API String ID: 1385522511-4196123274
                                                                            • Opcode ID: ce79cf86203001499d68f82689c3c4d3800466f9e9a5ce45d46574ba4bf41e95
                                                                            • Instruction ID: 72270476490b9335c5f1e23574bdfa34e347d5c046a8acb3f7c19098a941d423
                                                                            • Opcode Fuzzy Hash: ce79cf86203001499d68f82689c3c4d3800466f9e9a5ce45d46574ba4bf41e95
                                                                            • Instruction Fuzzy Hash: AE227A706083419FC718DF18C890A2ABBF1FF99314F1489ADF5968B3A1D772E945CB92
                                                                            APIs
                                                                            • GetOpenFileNameW.COMDLG32(?), ref: 00B32C8C
                                                                              • Part of subcall function 00AF3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AF3A97,?,?,00AF2E7F,?,?,?,00000000), ref: 00AF3AC2
                                                                              • Part of subcall function 00AF2DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00AF2DC4
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Name$Path$FileFullLongOpen
                                                                            • String ID: X
                                                                            • API String ID: 779396738-3081909835
                                                                            • Opcode ID: 9faafa51c7d1e751f278d3a8a52b64c2b9f713126c2d7878893310c2de4fb4a7
                                                                            • Instruction ID: fec65e7b309784bbf729c993a8bed41674542d937d864ad259ff5195d1b06f9b
                                                                            • Opcode Fuzzy Hash: 9faafa51c7d1e751f278d3a8a52b64c2b9f713126c2d7878893310c2de4fb4a7
                                                                            • Instruction Fuzzy Hash: B3215171A1029C9FDF01EF98C845BEE7BF8AF49314F104059F505A7241DBB85A898B61
                                                                            APIs
                                                                            • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00AF3908
                                                                            Similarity
                                                                            • API ID: IconNotifyShell_
                                                                            • String ID:
                                                                            • API String ID: 1144537725-0
                                                                            • Opcode ID: e70be2c36226a3b7e69068961c67ed9221c920ae0baff56df28902f34e0d0b40
                                                                            • Instruction ID: 87ee4876ea6be97f2863cf9c595007ca4cf008f5cfd27f5f788743d06e4fcaeb
                                                                            • Opcode Fuzzy Hash: e70be2c36226a3b7e69068961c67ed9221c920ae0baff56df28902f34e0d0b40
                                                                            • Instruction Fuzzy Hash: 4231F7715043049FD720DF64D884BA7BBF4FF89748F00086EFA9993251D775AA44CB92
                                                                            APIs
                                                                              • Part of subcall function 00AF4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AF4EDD,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4E9C
                                                                              • Part of subcall function 00AF4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00AF4EAE
                                                                              • Part of subcall function 00AF4E90: FreeLibrary.KERNEL32(00000000,?,?,00AF4EDD,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4EC0
                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4EFD
                                                                              • Part of subcall function 00AF4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00B33CDE,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4E62
                                                                              • Part of subcall function 00AF4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00AF4E74
                                                                              • Part of subcall function 00AF4E59: FreeLibrary.KERNEL32(00000000,?,?,00B33CDE,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4E87
                                                                            Similarity
                                                                            • API ID: Library$Load$AddressFreeProc
                                                                            • String ID:
                                                                            • API String ID: 2632591731-0
                                                                            • Opcode ID: 004fef9b496ae64598715c1747cd367b9b65b844d6e856394832f39970512c48
                                                                            • Instruction ID: 606420d268e394ca2b2d5d173d931b92017b2cf7e1e76f0bc2136defc301a8f9
                                                                            • Opcode Fuzzy Hash: 004fef9b496ae64598715c1747cd367b9b65b844d6e856394832f39970512c48
                                                                            • Instruction Fuzzy Hash: 2811C431610209AADB14BBA4DD02BBE77E5AF44B10F204429F646A71D1DE709A459750
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: __wsopen_s
                                                                            • String ID:
                                                                            • API String ID: 3347428461-0
                                                                            APIs
                                                                              • Part of subcall function 00B24C7D: RtlAllocateHeap.NTDLL(00000008,00AF1129,00000000,?,00B22E29,00000001,00000364,?,?,?,00B1F2DE,00B23863,00BC1444,?,00B0FDF5,?), ref: 00B24CBE
                                                                            • _free.LIBCMT ref: 00B2506C
                                                                            Similarity
                                                                            • API ID: AllocateHeap_free
                                                                            • String ID:
                                                                            • API String ID: 614378929-0
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(00000008,00AF1129,00000000,?,00B22E29,00000001,00000364,?,?,?,00B1F2DE,00B23863,00BC1444,?,00B0FDF5,?), ref: 00B24CBE
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1279760036-0
                                                                            APIs
                                                                            • RtlAllocateHeap.NTDLL(00000000,?,00BC1444,?,00B0FDF5,?,?,00AFA976,00000010,00BC1440,00AF13FC,?,00AF13C6,?,00AF1129), ref: 00B23852
                                                                            Similarity
                                                                            • API ID: AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1279760036-0
                                                                            APIs
                                                                            • FreeLibrary.KERNEL32(?,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4F6D
                                                                            Similarity
                                                                            • API ID: FreeLibrary
                                                                            • String ID:
                                                                            • API String ID: 3664257935-0
                                                                            APIs
                                                                            • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00AF314E
                                                                            Similarity
                                                                            • API ID: IconNotifyShell_
                                                                            • String ID:
                                                                            • API String ID: 1144537725-0
                                                                            APIs
                                                                            • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00AF2DC4
                                                                              • Part of subcall function 00AF6B57: _wcslen.LIBCMT ref: 00AF6B6A
                                                                            Similarity
                                                                            • API ID: LongNamePath_wcslen
                                                                            • String ID:
                                                                            • API String ID: 541455249-0
                                                                            APIs
                                                                              • Part of subcall function 00AF3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00AF3908
                                                                              • Part of subcall function 00AFD730: GetInputState.USER32 ref: 00AFD807
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00AF2B6B
                                                                              • Part of subcall function 00AF30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00AF314E
                                                                            Similarity
                                                                            • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                            • String ID:
                                                                            • API String ID: 3667716007-0
                                                                            APIs
                                                                            • CreateFileW.KERNEL32(00000000,00000000,?,00B30704,?,?,00000000,?,00B30704,00000000,0000000C), ref: 00B303B7
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID:
                                                                            • API String ID: 823142352-0
                                                                            APIs
                                                                            • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00AF1CBC
                                                                            Similarity
                                                                            • API ID: InfoParametersSystem
                                                                            • String ID:
                                                                            • API String ID: 3098949447-0
                                                                            APIs
                                                                              • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
                                                                            • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00B8961A
                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00B8965B
                                                                            • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00B8969F
                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B896C9
                                                                            • SendMessageW.USER32 ref: 00B896F2
                                                                            • GetKeyState.USER32(00000011), ref: 00B8978B
                                                                            • GetKeyState.USER32(00000009), ref: 00B89798
                                                                            • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00B897AE
                                                                            • GetKeyState.USER32(00000010), ref: 00B897B8
                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B897E9
                                                                            • SendMessageW.USER32 ref: 00B89810
                                                                            • SendMessageW.USER32(?,00001030,?,00B87E95), ref: 00B89918
                                                                            • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00B8992E
                                                                            • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00B89941
                                                                            • SetCapture.USER32(?), ref: 00B8994A
                                                                            • ClientToScreen.USER32(?,?), ref: 00B899AF
                                                                            • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00B899BC
                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00B899D6
                                                                            • ReleaseCapture.USER32 ref: 00B899E1
                                                                            • GetCursorPos.USER32(?), ref: 00B89A19
                                                                            • ScreenToClient.USER32(?,?), ref: 00B89A26
                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 00B89A80
                                                                            • SendMessageW.USER32 ref: 00B89AAE
                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00B89AEB
                                                                            • SendMessageW.USER32 ref: 00B89B1A
                                                                            • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00B89B3B
                                                                            • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00B89B4A
                                                                            • GetCursorPos.USER32(?), ref: 00B89B68
                                                                            • ScreenToClient.USER32(?,?), ref: 00B89B75
                                                                            • GetParent.USER32(?), ref: 00B89B93
                                                                            • SendMessageW.USER32(?,00001012,00000000,?), ref: 00B89BFA
                                                                            • SendMessageW.USER32 ref: 00B89C2B
                                                                            • ClientToScreen.USER32(?,?), ref: 00B89C84
                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00B89CB4
                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00B89CDE
                                                                            • SendMessageW.USER32 ref: 00B89D01
                                                                            • ClientToScreen.USER32(?,?), ref: 00B89D4E
                                                                            • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00B89D82
                                                                              • Part of subcall function 00B09944: GetWindowLongW.USER32(?,000000EB), ref: 00B09952
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00B89E05
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                            • String ID: @GUI_DRAGID$F
                                                                            • API String ID: 3429851547-4164748364
                                                                            • Opcode ID: 8d2fa0b3cbd26f28debc918e4d79c919312b318139a612d37c39ef71a97ff7bd
                                                                            • Instruction ID: 90cf1ef38243b1550af55b6deed466d3bd7cd0f00d457044ecb2c0801c57795e
                                                                            • Opcode Fuzzy Hash: 8d2fa0b3cbd26f28debc918e4d79c919312b318139a612d37c39ef71a97ff7bd
                                                                            • Instruction Fuzzy Hash: F8428E74204201AFDB25EF28CC84EBABBE5FF49310F180A99F659972B1EB71D854CB51
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00B848F3
                                                                            • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00B84908
                                                                            • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00B84927
                                                                            • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00B8494B
                                                                            • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00B8495C
                                                                            • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00B8497B
                                                                            • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00B849AE
                                                                            • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00B849D4
                                                                            • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00B84A0F
                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00B84A56
                                                                            • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00B84A7E
                                                                            • IsMenu.USER32(?), ref: 00B84A97
                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B84AF2
                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B84B20
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00B84B94
                                                                            • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00B84BE3
                                                                            • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00B84C82
                                                                            • wsprintfW.USER32 ref: 00B84CAE
                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B84CC9
                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 00B84CF1
                                                                            • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00B84D13
                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B84D33
                                                                            • GetWindowTextW.USER32(?,00000000,00000001), ref: 00B84D5A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                            • String ID: %d/%02d/%02d
                                                                            • API String ID: 4054740463-328681919
                                                                            • Opcode ID: a84a6c029af5bbbbb05b40a6079deed1c6ddcd35357fbbd3845563b167e026d6
                                                                            • Instruction ID: f983f67e2dcfbdd74d2d8989561497a79c03f34b0fe5e267818be563b8d364c6
                                                                            • Opcode Fuzzy Hash: a84a6c029af5bbbbb05b40a6079deed1c6ddcd35357fbbd3845563b167e026d6
                                                                            • Instruction Fuzzy Hash: 8B12E071600256ABEB24AF28CC49FAE7BF8EF45710F1041A9F51AEB2F1DB749940CB50
                                                                            APIs
                                                                            • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00B0F998
                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B4F474
                                                                            • IsIconic.USER32(00000000), ref: 00B4F47D
                                                                            • ShowWindow.USER32(00000000,00000009), ref: 00B4F48A
                                                                            • SetForegroundWindow.USER32(00000000), ref: 00B4F494
                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00B4F4AA
                                                                            • GetCurrentThreadId.KERNEL32 ref: 00B4F4B1
                                                                            • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00B4F4BD
                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 00B4F4CE
                                                                            • AttachThreadInput.USER32(?,00000000,00000001), ref: 00B4F4D6
                                                                            • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00B4F4DE
                                                                            • SetForegroundWindow.USER32(00000000), ref: 00B4F4E1
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00B4F4F6
                                                                            • keybd_event.USER32(00000012,00000000), ref: 00B4F501
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00B4F50B
                                                                            • keybd_event.USER32(00000012,00000000), ref: 00B4F510
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00B4F519
                                                                            • keybd_event.USER32(00000012,00000000), ref: 00B4F51E
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00B4F528
                                                                            • keybd_event.USER32(00000012,00000000), ref: 00B4F52D
                                                                            • SetForegroundWindow.USER32(00000000), ref: 00B4F530
                                                                            • AttachThreadInput.USER32(?,000000FF,00000000), ref: 00B4F557
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                            • String ID: Shell_TrayWnd
                                                                            • API String ID: 4125248594-2988720461
                                                                            • Opcode ID: c05f7fb649e9a7d69607a333197fe68b3ea656153a67155cc9b7781ccd451dfa
                                                                            • Instruction ID: d21763c49a51121fb3a6e91996e85d5dd1d4caf5bb8311b7b7d0e7a8097c0723
                                                                            • Opcode Fuzzy Hash: c05f7fb649e9a7d69607a333197fe68b3ea656153a67155cc9b7781ccd451dfa
                                                                            • Instruction Fuzzy Hash: 6131E1B1A40219BAEB216BB55C4AFBF7EACEB44B50F100065F605E71E1DAB15D00EB71
                                                                            APIs
                                                                              • Part of subcall function 00B516C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B5170D
                                                                              • Part of subcall function 00B516C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B5173A
                                                                              • Part of subcall function 00B516C3: GetLastError.KERNEL32 ref: 00B5174A
                                                                            • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00B51286
                                                                            • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00B512A8
                                                                            • CloseHandle.KERNEL32(?), ref: 00B512B9
                                                                            • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00B512D1
                                                                            • GetProcessWindowStation.USER32 ref: 00B512EA
                                                                            • SetProcessWindowStation.USER32(00000000), ref: 00B512F4
                                                                            • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00B51310
                                                                              • Part of subcall function 00B510BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00B511FC), ref: 00B510D4
                                                                              • Part of subcall function 00B510BF: CloseHandle.KERNEL32(?,?,00B511FC), ref: 00B510E9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                            • String ID: $default$winsta0
                                                                            • API String ID: 22674027-1027155976
                                                                            • Opcode ID: 2762c39871f51e6a5d4435e2c54620a4413755ca17e938784d1e80f83b994db4
                                                                            • Instruction ID: 1b4f1a3be4028e9de41150e5f25eec2dc5654696d881f8ef4e8b73f65fafdee6
                                                                            • Opcode Fuzzy Hash: 2762c39871f51e6a5d4435e2c54620a4413755ca17e938784d1e80f83b994db4
                                                                            • Instruction Fuzzy Hash: 528179B1900209ABDF219FA8DC49FEE7BF9EF04705F1445A9F910B62A0DB758949CF21
                                                                            APIs
                                                                              • Part of subcall function 00B510F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00B51114
                                                                              • Part of subcall function 00B510F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B51120
                                                                              • Part of subcall function 00B510F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B5112F
                                                                              • Part of subcall function 00B510F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B51136
                                                                              • Part of subcall function 00B510F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00B5114D
                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00B50BCC
                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00B50C00
                                                                            • GetLengthSid.ADVAPI32(?), ref: 00B50C17
                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00B50C51
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00B50C6D
                                                                            • GetLengthSid.ADVAPI32(?), ref: 00B50C84
                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00B50C8C
                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00B50C93
                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00B50CB4
                                                                            • CopySid.ADVAPI32(00000000), ref: 00B50CBB
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00B50CEA
                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00B50D0C
                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00B50D1E
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B50D45
                                                                            • HeapFree.KERNEL32(00000000), ref: 00B50D4C
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B50D55
                                                                            • HeapFree.KERNEL32(00000000), ref: 00B50D5C
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B50D65
                                                                            • HeapFree.KERNEL32(00000000), ref: 00B50D6C
                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00B50D78
                                                                            • HeapFree.KERNEL32(00000000), ref: 00B50D7F
                                                                              • Part of subcall function 00B51193: GetProcessHeap.KERNEL32(00000008,00B50BB1,?,00000000,?,00B50BB1,?), ref: 00B511A1
                                                                              • Part of subcall function 00B51193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00B50BB1,?), ref: 00B511A8
                                                                              • Part of subcall function 00B51193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00B50BB1,?), ref: 00B511B7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                            • String ID:
                                                                            • API String ID: 4175595110-0
                                                                            • Opcode ID: a8b568adcbc96529c4f28941793a1964549123da12a1e98e913ccd68a58e3cae
                                                                            • Instruction ID: 9615bfd29482f299939b4d392ebd58c5106116a038f7668007ec7156816d718a
                                                                            • Opcode Fuzzy Hash: a8b568adcbc96529c4f28941793a1964549123da12a1e98e913ccd68a58e3cae
                                                                            • Instruction Fuzzy Hash: 2D713AB190020AEBDF10AFA4DC48BEEBBB8EF05351F1445A5ED15A71A1DB71A909CB60
                                                                            APIs
                                                                            • OpenClipboard.USER32(00B8CC08), ref: 00B6EB29
                                                                            • IsClipboardFormatAvailable.USER32(0000000D), ref: 00B6EB37
                                                                            • GetClipboardData.USER32(0000000D), ref: 00B6EB43
                                                                            • CloseClipboard.USER32 ref: 00B6EB4F
                                                                            • GlobalLock.KERNEL32(00000000), ref: 00B6EB87
                                                                            • CloseClipboard.USER32 ref: 00B6EB91
                                                                            • GlobalUnlock.KERNEL32(00000000,00000000), ref: 00B6EBBC
                                                                            • IsClipboardFormatAvailable.USER32(00000001), ref: 00B6EBC9
                                                                            • GetClipboardData.USER32(00000001), ref: 00B6EBD1
                                                                            • GlobalLock.KERNEL32(00000000), ref: 00B6EBE2
                                                                            • GlobalUnlock.KERNEL32(00000000,?), ref: 00B6EC22
                                                                            • IsClipboardFormatAvailable.USER32(0000000F), ref: 00B6EC38
                                                                            • GetClipboardData.USER32(0000000F), ref: 00B6EC44
                                                                            • GlobalLock.KERNEL32(00000000), ref: 00B6EC55
                                                                            • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00B6EC77
                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00B6EC94
                                                                            • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00B6ECD2
                                                                            • GlobalUnlock.KERNEL32(00000000,?,?), ref: 00B6ECF3
                                                                            • CountClipboardFormats.USER32 ref: 00B6ED14
                                                                            • CloseClipboard.USER32 ref: 00B6ED59
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                            • String ID:
                                                                            • API String ID: 420908878-0
                                                                            • Opcode ID: e6ef491f6c989464b0ff9eb81bb920cabb8fe3c946f0cd8dd4bda36c16106339
                                                                            • Instruction ID: e049f88601fe51c0e23ba87414b0913575a32b2a97cb4e2197b2b8996d9f0f35
                                                                            • Opcode Fuzzy Hash: e6ef491f6c989464b0ff9eb81bb920cabb8fe3c946f0cd8dd4bda36c16106339
                                                                            • Instruction Fuzzy Hash: A261FF79204205AFD300EF60D888F7A7BE4EF84744F1845A9F566872A2DF35DD05CBA2
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00B669BE
                                                                            • FindClose.KERNEL32(00000000), ref: 00B66A12
                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00B66A4E
                                                                            • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00B66A75
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00B66AB2
                                                                            • FileTimeToSystemTime.KERNEL32(?,?), ref: 00B66ADF
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                            • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                            • API String ID: 3830820486-3289030164
                                                                            • Opcode ID: 85af25cc84a37daf61df59cd6d15f7b3e8197fefccaef48404c250ccb6b6c506
                                                                            • Instruction ID: 6b12508aee3b8a6d2ab5037753e1372289240e98c05f41cc6f955b4cea3687ad
                                                                            • Opcode Fuzzy Hash: 85af25cc84a37daf61df59cd6d15f7b3e8197fefccaef48404c250ccb6b6c506
                                                                            • Instruction Fuzzy Hash: E1D14EB2508304AFC314EBA5C992EBBB7ECAF88704F04495DF685C7191EB74DA44CB62
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00B69663
                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00B696A1
                                                                            • SetFileAttributesW.KERNEL32(?,?), ref: 00B696BB
                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00B696D3
                                                                            • FindClose.KERNEL32(00000000), ref: 00B696DE
                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 00B696FA
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00B6974A
                                                                            • SetCurrentDirectoryW.KERNEL32(00BB6B7C), ref: 00B69768
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00B69772
                                                                            • FindClose.KERNEL32(00000000), ref: 00B6977F
                                                                            • FindClose.KERNEL32(00000000), ref: 00B6978F
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                            • String ID: *.*
                                                                            • API String ID: 1409584000-438819550
                                                                            • Opcode ID: 016a6783d402367746ed227cf6819cfe79083d4a7316d49563bde262dff0c192
                                                                            • Instruction ID: 946342f320d43ad72318a37368925cf2fffed63556650d832e8118a0030b3c77
                                                                            • Opcode Fuzzy Hash: 016a6783d402367746ed227cf6819cfe79083d4a7316d49563bde262dff0c192
                                                                            • Instruction Fuzzy Hash: 9131A272541219AADF24AFB4EC49AEE77ECDF49320F1041E5E815E30A0DB78DE44CB64
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00B697BE
                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00B69819
                                                                            • FindClose.KERNEL32(00000000), ref: 00B69824
                                                                            • FindFirstFileW.KERNEL32(*.*,?), ref: 00B69840
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00B69890
                                                                            • SetCurrentDirectoryW.KERNEL32(00BB6B7C), ref: 00B698AE
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00B698B8
                                                                            • FindClose.KERNEL32(00000000), ref: 00B698C5
                                                                            • FindClose.KERNEL32(00000000), ref: 00B698D5
                                                                              • Part of subcall function 00B5DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00B5DB00
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                            • String ID: *.*
                                                                            • API String ID: 2640511053-438819550
                                                                            • Opcode ID: c1fb9ac0ae7efe740e96ef10c4e3e66d9f19496efd35fc401ccffcf4616e5c7c
                                                                            • Instruction ID: 9465f577e17d7c9dc18b43704a4941c609eeed22ae5c086d13e13f2b77613182
                                                                            • Opcode Fuzzy Hash: c1fb9ac0ae7efe740e96ef10c4e3e66d9f19496efd35fc401ccffcf4616e5c7c
                                                                            • Instruction Fuzzy Hash: 6031C372500619AADB24AFB4EC49AEE77ECDF4A360F1041D5E810A30E0DB78DE85CB64
                                                                            APIs
                                                                              • Part of subcall function 00B7C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B7B6AE,?,?), ref: 00B7C9B5
                                                                              • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7C9F1
                                                                              • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7CA68
                                                                              • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7CA9E
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B7BF3E
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00B7BFA9
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00B7BFCD
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00B7C02C
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00B7C0E7
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00B7C154
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00B7C1E9
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00B7C23A
                                                                            • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00B7C2E3
                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00B7C382
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00B7C38F
                                                                            Similarity
                                                                            • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                            • String ID:
                                                                            • API String ID: 3102970594-0
                                                                            • Opcode ID: 1604054cfd01cb563ca0ab84f39cb5680156a786512596911ef7191fd9d9158b
                                                                            • Instruction ID: 8e190f43ea8411dcaffc8e44273ed984c08c35bde5f7378b1c16b26b0afb4f06
                                                                            • Opcode Fuzzy Hash: 1604054cfd01cb563ca0ab84f39cb5680156a786512596911ef7191fd9d9158b
                                                                            • Instruction Fuzzy Hash: 49025C71604200AFC714DF28C895E2ABBE5EF89318F19C49DF85ADB2A2DB31ED45CB51
                                                                            APIs
                                                                            • GetLocalTime.KERNEL32(?), ref: 00B68257
                                                                            • SystemTimeToFileTime.KERNEL32(?,?), ref: 00B68267
                                                                            • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00B68273
                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00B68310
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00B68324
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00B68356
                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00B6838C
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00B68395
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CurrentDirectoryTime$File$Local$System
                                                                            • String ID: *.*
                                                                            • API String ID: 1464919966-438819550
                                                                            • Opcode ID: f3342e40085b02fd02cf3aadd23d76735cdc5d041f197f5a3cc4bd1450f7a4fc
                                                                            • Instruction ID: 6c543ae466528a2128eee45124f74fb664003bdcb8796f90692d78a632241551
                                                                            • Opcode Fuzzy Hash: f3342e40085b02fd02cf3aadd23d76735cdc5d041f197f5a3cc4bd1450f7a4fc
                                                                            • Instruction Fuzzy Hash: E9617CB25043459FCB10EF60C8409AEB3E8FF89310F04495EF999D7251DB35E945CB92
                                                                            APIs
                                                                              • Part of subcall function 00AF3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AF3A97,?,?,00AF2E7F,?,?,?,00000000), ref: 00AF3AC2
                                                                              • Part of subcall function 00B5E199: GetFileAttributesW.KERNEL32(?,00B5CF95), ref: 00B5E19A
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00B5D122
                                                                            • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00B5D1DD
                                                                            • MoveFileW.KERNEL32(?,?), ref: 00B5D1F0
                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 00B5D20D
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00B5D237
                                                                              • Part of subcall function 00B5D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00B5D21C,?,?), ref: 00B5D2B2
                                                                            • FindClose.KERNEL32(00000000,?,?,?), ref: 00B5D253
                                                                            • FindClose.KERNEL32(00000000), ref: 00B5D264
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                            • String ID: \*.*
                                                                            • API String ID: 1946585618-1173974218
                                                                            • Opcode ID: 977464341b929ce36b653514787c1635b3e97fe9cefe3ec46757ec386a188fa8
                                                                            • Instruction ID: a8f1f7b249cda3d5a9a685ba7fb6b692839716bcd8538d5c9a7ceb3397d707e3
                                                                            • Opcode Fuzzy Hash: 977464341b929ce36b653514787c1635b3e97fe9cefe3ec46757ec386a188fa8
                                                                            • Instruction Fuzzy Hash: FE617C7180110D9ACF15EBE0CA92AFDBBB5AF14341F2042A5F906771A1EB31AF09CB61
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                            • String ID:
                                                                            • API String ID: 1737998785-0
                                                                            • Opcode ID: 5433407bb10da5f8f80e445b4411f1429ec4f6d996877a3aa442dd1c1499e4f5
                                                                            • Instruction ID: 26fae0efa0d8feef5c625ab7652896a4fdce9f11e8ee0f5c471902ed257d12c9
                                                                            • Opcode Fuzzy Hash: 5433407bb10da5f8f80e445b4411f1429ec4f6d996877a3aa442dd1c1499e4f5
                                                                            • Instruction Fuzzy Hash: F1418275604611AFE710DF15D888F19BBE5FF44328F14C4A9E4258B672DB7AEC41CB90
                                                                            APIs
                                                                              • Part of subcall function 00B516C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B5170D
                                                                              • Part of subcall function 00B516C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B5173A
                                                                              • Part of subcall function 00B516C3: GetLastError.KERNEL32 ref: 00B5174A
                                                                            • ExitWindowsEx.USER32(?,00000000), ref: 00B5E932
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                            • String ID: $ $@$SeShutdownPrivilege
                                                                            • API String ID: 2234035333-3163812486
                                                                            APIs
                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00B71276
                                                                            • WSAGetLastError.WSOCK32 ref: 00B71283
                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 00B712BA
                                                                            • WSAGetLastError.WSOCK32 ref: 00B712C5
                                                                            • closesocket.WSOCK32(00000000), ref: 00B712F4
                                                                            • listen.WSOCK32(00000000,00000005), ref: 00B71303
                                                                            • WSAGetLastError.WSOCK32 ref: 00B7130D
                                                                            • closesocket.WSOCK32(00000000), ref: 00B7133C
                                                                            Similarity
                                                                            • API ID: ErrorLast$closesocket$bindlistensocket
                                                                            • String ID:
                                                                            • API String ID: 540024437-0
                                                                            APIs
                                                                            • _free.LIBCMT ref: 00B2B9D4
                                                                            • _free.LIBCMT ref: 00B2B9F8
                                                                            • _free.LIBCMT ref: 00B2BB7F
                                                                            • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00B93700), ref: 00B2BB91
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00BC121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00B2BC09
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00BC1270,000000FF,?,0000003F,00000000,?), ref: 00B2BC36
                                                                            • _free.LIBCMT ref: 00B2BD4B
                                                                            Similarity
                                                                            • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                            • String ID:
                                                                            • API String ID: 314583886-0
                                                                            APIs
                                                                              • Part of subcall function 00AF3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AF3A97,?,?,00AF2E7F,?,?,?,00000000), ref: 00AF3AC2
                                                                              • Part of subcall function 00B5E199: GetFileAttributesW.KERNEL32(?,00B5CF95), ref: 00B5E19A
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00B5D420
                                                                            • DeleteFileW.KERNEL32(?,?,?,?), ref: 00B5D470
                                                                            • FindNextFileW.KERNEL32(00000000,00000010), ref: 00B5D481
                                                                            • FindClose.KERNEL32(00000000), ref: 00B5D498
                                                                            • FindClose.KERNEL32(00000000), ref: 00B5D4A1
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                            • String ID: \*.*
                                                                            • API String ID: 2649000838-1173974218
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: __floor_pentium4
                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                            • API String ID: 4168288129-2761157908
                                                                            APIs
                                                                            • _wcslen.LIBCMT ref: 00B664DC
                                                                            • CoInitialize.OLE32(00000000), ref: 00B66639
                                                                            • CoCreateInstance.OLE32(00B8FCF8,00000000,00000001,00B8FB68,?), ref: 00B66650
                                                                            • CoUninitialize.OLE32 ref: 00B668D4
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                            • String ID: .lnk
                                                                            • API String ID: 886957087-24824748
                                                                            APIs
                                                                            • GetForegroundWindow.USER32(?,?,00000000), ref: 00B722E8
                                                                              • Part of subcall function 00B6E4EC: GetWindowRect.USER32(?,?), ref: 00B6E504
                                                                            • GetDesktopWindow.USER32 ref: 00B72312
                                                                            • GetWindowRect.USER32(00000000), ref: 00B72319
                                                                            • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00B72355
                                                                            • GetCursorPos.USER32(?), ref: 00B72381
                                                                            • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00B723DF
                                                                            Similarity
                                                                            • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                            • String ID:
                                                                            • API String ID: 2387181109-0
                                                                            APIs
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                            • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00B69B78
                                                                            • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00B69C8B
                                                                              • Part of subcall function 00B63874: GetInputState.USER32 ref: 00B638CB
                                                                              • Part of subcall function 00B63874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B63966
                                                                            • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00B69BA8
                                                                            • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00B69C75
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                            • String ID: *.*
                                                                            • API String ID: 1972594611-438819550
                                                                            APIs
                                                                              • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
                                                                            • DefDlgProcW.USER32(?,?,?,?,?), ref: 00B09A4E
                                                                            • GetSysColor.USER32(0000000F), ref: 00B09B23
                                                                            • SetBkColor.GDI32(?,00000000), ref: 00B09B36
                                                                            Similarity
                                                                            • API ID: Color$LongProcWindow
                                                                            • String ID:
                                                                            • API String ID: 3131106179-0
                                                                            APIs
                                                                              • Part of subcall function 00B7304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B7307A
                                                                              • Part of subcall function 00B7304E: _wcslen.LIBCMT ref: 00B7309B
                                                                            • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00B7185D
                                                                            • WSAGetLastError.WSOCK32 ref: 00B71884
                                                                            • bind.WSOCK32(00000000,?,00000010), ref: 00B718DB
                                                                            • WSAGetLastError.WSOCK32 ref: 00B718E6
                                                                            • closesocket.WSOCK32(00000000), ref: 00B71915
                                                                            Similarity
                                                                            • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                            • String ID:
                                                                            • API String ID: 1601658205-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                            • String ID:
                                                                            • API String ID: 292994002-0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                            • API String ID: 0-1546025612
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00B5AAAC
                                                                            • SetKeyboardState.USER32(00000080), ref: 00B5AAC8
                                                                            • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00B5AB36
                                                                            • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00B5AB88
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                            • String ID:
                                                                            • API String ID: 432972143-0
                                                                            APIs
                                                                            • InternetReadFile.WININET(?,?,00000400,?), ref: 00B6CE89
                                                                            • GetLastError.KERNEL32(?,00000000), ref: 00B6CEEA
                                                                            • SetEvent.KERNEL32(?,?,00000000), ref: 00B6CEFE
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ErrorEventFileInternetLastRead
                                                                            • String ID:
                                                                            • API String ID: 234945975-0
                                                                            APIs
                                                                            • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00B582AA
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: lstrlen
                                                                            • String ID: ($|
                                                                            • API String ID: 1659193697-1631851259
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00B65CC1
                                                                            • FindNextFileW.KERNEL32(00000000,?), ref: 00B65D17
                                                                            • FindClose.KERNEL32(?), ref: 00B65D5F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Find$File$CloseFirstNext
                                                                            • String ID:
                                                                            • API String ID: 3541575487-0
                                                                            APIs
                                                                            • IsDebuggerPresent.KERNEL32 ref: 00B2271A
                                                                            • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00B22724
                                                                            • UnhandledExceptionFilter.KERNEL32(?), ref: 00B22731
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                            • String ID:
                                                                            • API String ID: 3906539128-0
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00B651DA
                                                                            • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00B65238
                                                                            • SetErrorMode.KERNEL32(00000000), ref: 00B652A1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ErrorMode$DiskFreeSpace
                                                                            • String ID:
                                                                            • API String ID: 1682464887-0
                                                                            APIs
                                                                              • Part of subcall function 00B0FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00B10668
                                                                              • Part of subcall function 00B0FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00B10685
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00B5170D
                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00B5173A
                                                                            • GetLastError.KERNEL32 ref: 00B5174A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                            • String ID:
                                                                            • API String ID: 577356006-0
                                                                            APIs
                                                                            • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00B5D608
                                                                            • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00B5D645
                                                                            • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00B5D650
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: CloseControlCreateDeviceFileHandle
                                                                            • String ID:
                                                                            • API String ID: 33631002-0
                                                                            APIs
                                                                            • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00B5168C
                                                                            • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00B516A1
                                                                            • FreeSid.ADVAPI32(?), ref: 00B516B1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                            • String ID:
                                                                            • API String ID: 3429775523-0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: /
                                                                            APIs
                                                                            • GetUserNameW.ADVAPI32(?,?), ref: 00B4D28C
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: NameUser
                                                                            • String ID: X64
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(?,?), ref: 00B66918
                                                                            • FindClose.KERNEL32(00000000), ref: 00B66961
                                                                            Similarity
                                                                            • API ID: Find$CloseFileFirst
                                                                            • String ID:
                                                                            APIs
                                                                            • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00B74891,?,?,00000035,?), ref: 00B637E4
                                                                            • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00B74891,?,?,00000035,?), ref: 00B637F4
                                                                            Similarity
                                                                            • API ID: ErrorFormatLastMessage
                                                                            • String ID:
                                                                            APIs
                                                                            • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00B5B25D
                                                                            • keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 00B5B270
                                                                            Similarity
                                                                            • API ID: InputSendkeybd_event
                                                                            • String ID:
                                                                            APIs
                                                                            • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00B511FC), ref: 00B510D4
                                                                            • CloseHandle.KERNEL32(?,?,00B511FC), ref: 00B510E9
                                                                            Similarity
                                                                            • API ID: AdjustCloseHandlePrivilegesToken
                                                                            • String ID:
                                                                            Strings
                                                                            • Variable is not of type 'Object'., xrefs: 00B40C40
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Variable is not of type 'Object'.
                                                                            APIs
                                                                            • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00B26766,?,?,00000008,?,?,00B2FEFE,00000000), ref: 00B26998
                                                                            Similarity
                                                                            • API ID: ExceptionRaise
                                                                            • String ID:
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            APIs
                                                                            • BlockInput.USER32(00000001), ref: 00B6EABD
                                                                            Similarity
                                                                            • API ID: BlockInput
                                                                            • String ID:
                                                                            APIs
                                                                            • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00B103EE), ref: 00B109DA
                                                                            Similarity
                                                                            • API ID: ExceptionFilterUnhandled
                                                                            • String ID:
                                                                            • API String ID: 3192549508-0
                                                                            • Opcode ID: 88b542ed4932ef9b572a220765a7025458a01facfa378f3108076997b4338d58
                                                                            • Instruction ID: 8c45afaebb01f42ad4317a32f6ba5a4d566d6a0e2c117530e006e7607c0f7a57
                                                                            • Opcode Fuzzy Hash: 88b542ed4932ef9b572a220765a7025458a01facfa378f3108076997b4338d58
                                                                            • Instruction Fuzzy Hash:
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 0
                                                                            • API String ID: 0-4108050209
                                                                            • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                            • Instruction ID: df7d06ec2ac7f80b8e0962d5a20789e21c95e1a63b19d30a2c293de8e9e3e1d1
                                                                            • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                            • Instruction Fuzzy Hash: D2516B616DC60567DB38852A889DBFE23F5DB02380FE805DAE882C7282CE11DEC9D351
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 7d08473302b0364b1567e9f0294a7628f7a692cf30a9f7454b74e1cd243436b2
                                                                            • Instruction ID: 6e7ec15bc0b549a27416e4c7d78a2e404551736d82367f1a642d78583e352160
                                                                            • Opcode Fuzzy Hash: 7d08473302b0364b1567e9f0294a7628f7a692cf30a9f7454b74e1cd243436b2
                                                                            • Instruction Fuzzy Hash: 71324522D69F114DD7239634ED62335A689EFB73C5F15C337E81AB6AA9EF28C4834104
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: b5256317f7f667785c5be3b16a81697e0c6175ca57f9ca4565b401f8f0da8a1f
                                                                            • Instruction ID: 839f0da189c2e83d487b7290860e52efb9a3c62af3ea15b3ded8e8f9c233d937
                                                                            • Opcode Fuzzy Hash: b5256317f7f667785c5be3b16a81697e0c6175ca57f9ca4565b401f8f0da8a1f
                                                                            • Instruction Fuzzy Hash: F1321331A011198BDF78CF28C4D067D7FE1EB45B44F2986EAD44A9B296D730DE81EB81
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8a7eb9f5a597875c9143e5af76014b16b5cc64c915d5a3e6c1869e176b3440e1
                                                                            • Instruction ID: e36e717f2cfdb29f3f000184c5da2cc444849d5343f63a14fb0961560732dc4c
                                                                            • Opcode Fuzzy Hash: 8a7eb9f5a597875c9143e5af76014b16b5cc64c915d5a3e6c1869e176b3440e1
                                                                            • Instruction Fuzzy Hash: F422B170A0460ADFDF24DFA4C981ABEB7F6FF44300F204669E816A7291EB35AD55CB50
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 2486590f03424e258a2048fd685d34060f1e9c359ec511f5955dadc9c5344531
                                                                            • Instruction ID: d6635372c662c336636f8d1a19a5cc588007c48060a2b072f82da4c848d5c839
                                                                            • Opcode Fuzzy Hash: 2486590f03424e258a2048fd685d34060f1e9c359ec511f5955dadc9c5344531
                                                                            • Instruction Fuzzy Hash: C102B7B1A0010AEBDB14DF54D881AAEB7F1FF44300F6081A9F9169B2D0EB31EE51CB91
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: f7eb527bf216808df498c0dc9de492b027928457e184d1dcecdf003cc6b99788
                                                                            • Instruction ID: fc07f6fddbec6dae4d5a15bdf052c93877e2655cb9d77df4aeb19f48ebc6d5f1
                                                                            • Opcode Fuzzy Hash: f7eb527bf216808df498c0dc9de492b027928457e184d1dcecdf003cc6b99788
                                                                            • Instruction Fuzzy Hash: FEB12520D6AF504DD32396398931336B69CAFBB6D5F92D31BFC1A75D22EF2285834140
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                            • Instruction ID: 93cb6ff6964332b23c720fd7292ceed9a2e19fe3a3f5ea4be868a87846f938aa
                                                                            • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                            • Instruction Fuzzy Hash: D99187732090A34ADB29467E95740BEFFE1DA923A135A0FEDD5F2CE1C5FE108994D620
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                            • Instruction ID: 9d49ada6001ea21733a0e36d779c78e225d31b9431c8c411310392f258716aed
                                                                            • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                            • Instruction Fuzzy Hash: 6C9187722090E34ADB29833D84780BDFFE19A923A135A07DDD5F2DB1C5EE2485B5D620
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                            • Instruction ID: 9819255dbf2e75f49d61a314916f99b2e955ccdc52a6fbe1bc723c9ab93a583b
                                                                            • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                            • Instruction Fuzzy Hash: AF91747220D0A34ADB2D427E85740BEFFE19A923A135A0BDDD5F2CA1C1FD24C5E5D620
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 9d0e5ae55da7e4ac2088e2de5c86f57b84fa90af5b5319ff9bc8eaefe195dc3c
                                                                            • Instruction ID: c3220ba42d46e3eaeb76a13fac55f3269ac74887784da06285186e8470ec9c74
                                                                            • Opcode Fuzzy Hash: 9d0e5ae55da7e4ac2088e2de5c86f57b84fa90af5b5319ff9bc8eaefe195dc3c
                                                                            • Instruction Fuzzy Hash: 456145712DC709A6DA349A2889B5BFF23F5EF41700FE409DAE842DB281DF119EC28355
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 805e5f7d33655fd202e7fef70c5e97e15e2f54d82864dd899dcdce826b8859f6
                                                                            • Instruction ID: 6d2caac7371b05743e3ba15899ad43cfcad7038f05c0819739fe2b769a02e493
                                                                            • Opcode Fuzzy Hash: 805e5f7d33655fd202e7fef70c5e97e15e2f54d82864dd899dcdce826b8859f6
                                                                            • Instruction Fuzzy Hash: DF615CB22CC70D57DE349A286895BFE23F9EF41704FE009E9E843DB281DE119DC28255
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                            • Instruction ID: 841a5c53a383310f40cfbd8a1fdbee03475625d0da2f7a737275ab19b9fe0a4f
                                                                            • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                            • Instruction Fuzzy Hash: CC8197726090A34DDB6D823E85740BEFFE19A923E135A4BDDD5F2CB1C1EE24C994D620
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            APIs
                                                                            • DeleteObject.GDI32(00000000), ref: 00B72B30
                                                                            • DeleteObject.GDI32(00000000), ref: 00B72B43
                                                                            • DestroyWindow.USER32 ref: 00B72B52
                                                                            • GetDesktopWindow.USER32 ref: 00B72B6D
                                                                            • GetWindowRect.USER32(00000000), ref: 00B72B74
                                                                            • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00B72CA3
                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00B72CB1
                                                                            • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72CF8
                                                                            • GetClientRect.USER32(00000000,?), ref: 00B72D04
                                                                            • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00B72D40
                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72D62
                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72D75
                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72D80
                                                                            • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72D89
                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72D98
                                                                            • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72DA1
                                                                            • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72DA8
                                                                            • GlobalFree.KERNEL32(00000000), ref: 00B72DB3
                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72DC5
                                                                            • OleLoadPicture.OLEAUT32(?,00000000,00000000,00B8FC38,00000000), ref: 00B72DDB
                                                                            • GlobalFree.KERNEL32(00000000), ref: 00B72DEB
                                                                            • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00B72E11
                                                                            • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00B72E30
                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B72E52
                                                                            • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00B7303F
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                            • String ID: $AutoIt v3$DISPLAY$static
                                                                            • API String ID: 2211948467-2373415609
                                                                            APIs
                                                                            • SetTextColor.GDI32(?,00000000), ref: 00B8712F
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00B87160
                                                                            • GetSysColor.USER32(0000000F), ref: 00B8716C
                                                                            • SetBkColor.GDI32(?,000000FF), ref: 00B87186
                                                                            • SelectObject.GDI32(?,?), ref: 00B87195
                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 00B871C0
                                                                            • GetSysColor.USER32(00000010), ref: 00B871C8
                                                                            • CreateSolidBrush.GDI32(00000000), ref: 00B871CF
                                                                            • FrameRect.USER32(?,?,00000000), ref: 00B871DE
                                                                            • DeleteObject.GDI32(00000000), ref: 00B871E5
                                                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 00B87230
                                                                            • FillRect.USER32(?,?,?), ref: 00B87262
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00B87284
                                                                              • Part of subcall function 00B873E8: GetSysColor.USER32(00000012), ref: 00B87421
                                                                              • Part of subcall function 00B873E8: SetTextColor.GDI32(?,?), ref: 00B87425
                                                                              • Part of subcall function 00B873E8: GetSysColorBrush.USER32(0000000F), ref: 00B8743B
                                                                              • Part of subcall function 00B873E8: GetSysColor.USER32(0000000F), ref: 00B87446
                                                                              • Part of subcall function 00B873E8: GetSysColor.USER32(00000011), ref: 00B87463
                                                                              • Part of subcall function 00B873E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00B87471
                                                                              • Part of subcall function 00B873E8: SelectObject.GDI32(?,00000000), ref: 00B87482
                                                                              • Part of subcall function 00B873E8: SetBkColor.GDI32(?,00000000), ref: 00B8748B
                                                                              • Part of subcall function 00B873E8: SelectObject.GDI32(?,?), ref: 00B87498
                                                                              • Part of subcall function 00B873E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00B874B7
                                                                              • Part of subcall function 00B873E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00B874CE
                                                                              • Part of subcall function 00B873E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00B874DB
                                                                            Similarity
                                                                            • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                            • String ID:
                                                                            • API String ID: 4124339563-0
                                                                            APIs
                                                                            • DestroyWindow.USER32(?,?), ref: 00B08E14
                                                                            • SendMessageW.USER32(?,00001308,?,00000000), ref: 00B46AC5
                                                                            • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00B46AFE
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00B46F43
                                                                              • Part of subcall function 00B08F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00B08BE8,?,00000000,?,?,?,?,00B08BBA,00000000,?), ref: 00B08FC5
                                                                            • SendMessageW.USER32(?,00001053), ref: 00B46F7F
                                                                            • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00B46F96
                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00B46FAC
                                                                            • ImageList_Destroy.COMCTL32(00000000,?), ref: 00B46FB7
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                            • String ID: 0
                                                                            • API String ID: 2760611726-4108050209
                                                                            APIs
                                                                            • DestroyWindow.USER32(00000000), ref: 00B7273E
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00B7286A
                                                                            • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00B728A9
                                                                            • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00B728B9
                                                                            • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00B72900
                                                                            • GetClientRect.USER32(00000000,?), ref: 00B7290C
                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00B72955
                                                                            • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00B72964
                                                                            • GetStockObject.GDI32(00000011), ref: 00B72974
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00B72978
                                                                            • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00B72988
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B72991
                                                                            • DeleteDC.GDI32(00000000), ref: 00B7299A
                                                                            • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00B729C6
                                                                            • SendMessageW.USER32(00000030,00000000,00000001), ref: 00B729DD
                                                                            • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00B72A1D
                                                                            • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00B72A31
                                                                            • SendMessageW.USER32(00000404,00000001,00000000), ref: 00B72A42
                                                                            • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00B72A77
                                                                            • GetStockObject.GDI32(00000011), ref: 00B72A82
                                                                            • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00B72A8D
                                                                            • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00B72A97
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                            • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                            • API String ID: 2910397461-517079104
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00B64AED
                                                                            • GetDriveTypeW.KERNEL32(?,00B8CB68,?,\\.\,00B8CC08), ref: 00B64BCA
                                                                            • SetErrorMode.KERNEL32(00000000,00B8CB68,?,\\.\,00B8CC08), ref: 00B64D36
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ErrorMode$DriveType
                                                                            • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                            • API String ID: 2907320926-4222207086
                                                                            APIs
                                                                            • GetSysColor.USER32(00000012), ref: 00B87421
                                                                            • SetTextColor.GDI32(?,?), ref: 00B87425
                                                                            • GetSysColorBrush.USER32(0000000F), ref: 00B8743B
                                                                            • GetSysColor.USER32(0000000F), ref: 00B87446
                                                                            • CreateSolidBrush.GDI32(?), ref: 00B8744B
                                                                            • GetSysColor.USER32(00000011), ref: 00B87463
                                                                            • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00B87471
                                                                            • SelectObject.GDI32(?,00000000), ref: 00B87482
                                                                            • SetBkColor.GDI32(?,00000000), ref: 00B8748B
                                                                            • SelectObject.GDI32(?,?), ref: 00B87498
                                                                            • InflateRect.USER32(?,000000FF,000000FF), ref: 00B874B7
                                                                            • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00B874CE
                                                                            • GetWindowLongW.USER32(00000000,000000F0), ref: 00B874DB
                                                                            • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00B8752A
                                                                            • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00B87554
                                                                            • InflateRect.USER32(?,000000FD,000000FD), ref: 00B87572
                                                                            • DrawFocusRect.USER32(?,?), ref: 00B8757D
                                                                            • GetSysColor.USER32(00000011), ref: 00B8758E
                                                                            • SetTextColor.GDI32(?,00000000), ref: 00B87596
                                                                            • DrawTextW.USER32(?,00B870F5,000000FF,?,00000000), ref: 00B875A8
                                                                            • SelectObject.GDI32(?,?), ref: 00B875BF
                                                                            • DeleteObject.GDI32(?), ref: 00B875CA
                                                                            • SelectObject.GDI32(?,?), ref: 00B875D0
                                                                            • DeleteObject.GDI32(?), ref: 00B875D5
                                                                            • SetTextColor.GDI32(?,?), ref: 00B875DB
                                                                            • SetBkColor.GDI32(?,?), ref: 00B875E5
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                            • String ID:
                                                                            • API String ID: 1996641542-0
                                                                            • Opcode ID: 47b723b357bc9d9aaf8e93e114813170cd007e307cba37c4cb3733dafd04fc04
                                                                            • Instruction ID: 4265c3900008a6c068b6f72a761099235cec1612577e4c91de83542a1d459d54
                                                                            • Opcode Fuzzy Hash: 47b723b357bc9d9aaf8e93e114813170cd007e307cba37c4cb3733dafd04fc04
                                                                            • Instruction Fuzzy Hash: FB6152B1900219AFDF01AFA4DC49EEE7FB9EB08320F254155F915B72B1DB749940CBA0
                                                                            APIs
                                                                            • GetCursorPos.USER32(?), ref: 00B81128
                                                                            • GetDesktopWindow.USER32 ref: 00B8113D
                                                                            • GetWindowRect.USER32(00000000), ref: 00B81144
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00B81199
                                                                            • DestroyWindow.USER32(?), ref: 00B811B9
                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00B811ED
                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B8120B
                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00B8121D
                                                                            • SendMessageW.USER32(00000000,00000421,?,?), ref: 00B81232
                                                                            • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00B81245
                                                                            • IsWindowVisible.USER32(00000000), ref: 00B812A1
                                                                            • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00B812BC
                                                                            • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00B812D0
                                                                            • GetWindowRect.USER32(00000000,?), ref: 00B812E8
                                                                            • MonitorFromPoint.USER32(?,?,00000002), ref: 00B8130E
                                                                            • GetMonitorInfoW.USER32(00000000,?), ref: 00B81328
                                                                            • CopyRect.USER32(?,?), ref: 00B8133F
                                                                            • SendMessageW.USER32(00000000,00000412,00000000), ref: 00B813AA
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                            • String ID: ($0$tooltips_class32
                                                                            • API String ID: 698492251-4156429822
                                                                            • Opcode ID: 6e7d00a34d875f494f5c552d700cbd9c9075cb7459f18a96de8d9a0a08758b50
                                                                            • Instruction ID: ad8202040d66385ae60b603cedf0b94ab6bb76ee8cb2165846acdc600e3e1a40
                                                                            • Opcode Fuzzy Hash: 6e7d00a34d875f494f5c552d700cbd9c9075cb7459f18a96de8d9a0a08758b50
                                                                            • Instruction Fuzzy Hash: 3CB18D71605341AFD710EF68C984B6BBBE8FF84350F008958F99A9B261DB71EC45CBA1
                                                                            APIs
                                                                            • CharUpperBuffW.USER32(?,?), ref: 00B802E5
                                                                            • _wcslen.LIBCMT ref: 00B8031F
                                                                            • _wcslen.LIBCMT ref: 00B80389
                                                                            • _wcslen.LIBCMT ref: 00B803F1
                                                                            • _wcslen.LIBCMT ref: 00B80475
                                                                            • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00B804C5
                                                                            • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00B80504
                                                                              • Part of subcall function 00B0F9F2: _wcslen.LIBCMT ref: 00B0F9FD
                                                                              • Part of subcall function 00B5223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00B52258
                                                                              • Part of subcall function 00B5223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00B5228A
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                            • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                            • API String ID: 1103490817-719923060
                                                                            • Opcode ID: e7677958e4c180eb8de42898b5b065fd2ecfcc59c39f939c14f575307228699a
                                                                            • Instruction ID: 5ce1ddb4cdb69a97e6c65bdada36d602e9d2dc6f2b659b2279a1607230ae8d1d
                                                                            • Opcode Fuzzy Hash: e7677958e4c180eb8de42898b5b065fd2ecfcc59c39f939c14f575307228699a
                                                                            • Instruction Fuzzy Hash: 09E19B312282018FC754FF24C59197AB7E6FF98394B1449ACF8969B3A1DB30ED49CB91
                                                                            APIs
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00B08968
                                                                            • GetSystemMetrics.USER32(00000007), ref: 00B08970
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00B0899B
                                                                            • GetSystemMetrics.USER32(00000008), ref: 00B089A3
                                                                            • GetSystemMetrics.USER32(00000004), ref: 00B089C8
                                                                            • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00B089E5
                                                                            • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00B089F5
                                                                            • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00B08A28
                                                                            • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00B08A3C
                                                                            • GetClientRect.USER32(00000000,000000FF), ref: 00B08A5A
                                                                            • GetStockObject.GDI32(00000011), ref: 00B08A76
                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00B08A81
                                                                              • Part of subcall function 00B0912D: GetCursorPos.USER32(?), ref: 00B09141
                                                                              • Part of subcall function 00B0912D: ScreenToClient.USER32(00000000,?), ref: 00B0915E
                                                                              • Part of subcall function 00B0912D: GetAsyncKeyState.USER32(00000001), ref: 00B09183
                                                                              • Part of subcall function 00B0912D: GetAsyncKeyState.USER32(00000002), ref: 00B0919D
                                                                            • SetTimer.USER32(00000000,00000000,00000028,00B090FC), ref: 00B08AA8
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                            • String ID: AutoIt v3 GUI
                                                                            • API String ID: 1458621304-248962490
                                                                            • Opcode ID: 45eadd09ac1b720db2500fdd7834de24829fd055b3de6b32aed39df1db600f93
                                                                            • Instruction ID: 6636dce52b2a88f1e776ea4afe45194695851ffc3b08f6536021f8acc27ceb0b
                                                                            • Opcode Fuzzy Hash: 45eadd09ac1b720db2500fdd7834de24829fd055b3de6b32aed39df1db600f93
                                                                            • Instruction Fuzzy Hash: C3B15B71A0020A9FDF14DFA8DC85BAA3BF5FB49314F104269FA15A72E0DB74E941CB61
                                                                            APIs
                                                                              • Part of subcall function 00B510F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00B51114
                                                                              • Part of subcall function 00B510F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B51120
                                                                              • Part of subcall function 00B510F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B5112F
                                                                              • Part of subcall function 00B510F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B51136
                                                                              • Part of subcall function 00B510F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00B5114D
                                                                            • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00B50DF5
                                                                            • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00B50E29
                                                                            • GetLengthSid.ADVAPI32(?), ref: 00B50E40
                                                                            • GetAce.ADVAPI32(?,00000000,?), ref: 00B50E7A
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00B50E96
                                                                            • GetLengthSid.ADVAPI32(?), ref: 00B50EAD
                                                                            • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00B50EB5
                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00B50EBC
                                                                            • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00B50EDD
                                                                            • CopySid.ADVAPI32(00000000), ref: 00B50EE4
                                                                            • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00B50F13
                                                                            • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00B50F35
                                                                            • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00B50F47
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B50F6E
                                                                            • HeapFree.KERNEL32(00000000), ref: 00B50F75
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B50F7E
                                                                            • HeapFree.KERNEL32(00000000), ref: 00B50F85
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B50F8E
                                                                            • HeapFree.KERNEL32(00000000), ref: 00B50F95
                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00B50FA1
                                                                            • HeapFree.KERNEL32(00000000), ref: 00B50FA8
                                                                              • Part of subcall function 00B51193: GetProcessHeap.KERNEL32(00000008,00B50BB1,?,00000000,?,00B50BB1,?), ref: 00B511A1
                                                                              • Part of subcall function 00B51193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00B50BB1,?), ref: 00B511A8
                                                                              • Part of subcall function 00B51193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00B50BB1,?), ref: 00B511B7
                                                                            Similarity
                                                                            • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                            • String ID:
                                                                            • API String ID: 4175595110-0
                                                                            • Opcode ID: 1e95c36d3ada9ec54d03ad74121ffe4254c9c1992a5adf1cc910d623cf830e37
                                                                            • Instruction ID: c742436eb75fd4723f77e525b2bf480bf0b491a3e125926c0a613dc871596d6b
                                                                            • Opcode Fuzzy Hash: 1e95c36d3ada9ec54d03ad74121ffe4254c9c1992a5adf1cc910d623cf830e37
                                                                            • Instruction Fuzzy Hash: 53715EB190020AEBDF20AFA4DC49FAEBBB8FF04341F144195F919A7191DB719909CB70
                                                                            APIs
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B7C4BD
                                                                            • RegCreateKeyExW.ADVAPI32(?,?,00000000,00B8CC08,00000000,?,00000000,?,?), ref: 00B7C544
                                                                            • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00B7C5A4
                                                                            • _wcslen.LIBCMT ref: 00B7C5F4
                                                                            • _wcslen.LIBCMT ref: 00B7C66F
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00B7C6B2
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00B7C7C1
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00B7C84D
                                                                            • RegCloseKey.ADVAPI32(?), ref: 00B7C881
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00B7C88E
                                                                            • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00B7C960
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                            • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                            • API String ID: 9721498-966354055
                                                                            • Opcode ID: d60124201971f854da242ddaacede8609e2a003705fa278e2de1705729b47725
                                                                            • Instruction ID: 2b10df347634b4a8beea785e93eb28645aea18263577455a5d5e12008f03d9fa
                                                                            • Opcode Fuzzy Hash: d60124201971f854da242ddaacede8609e2a003705fa278e2de1705729b47725
                                                                            • Instruction Fuzzy Hash: 2F1279756042019FC714DF24C981E2ABBE5FF88714F14889CF99A9B3A2DB31ED45CB81
                                                                            APIs
                                                                            • CharUpperBuffW.USER32(?,?), ref: 00B809C6
                                                                            • _wcslen.LIBCMT ref: 00B80A01
                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B80A54
                                                                            • _wcslen.LIBCMT ref: 00B80A8A
                                                                            • _wcslen.LIBCMT ref: 00B80B06
                                                                            • _wcslen.LIBCMT ref: 00B80B81
                                                                              • Part of subcall function 00B0F9F2: _wcslen.LIBCMT ref: 00B0F9FD
                                                                              • Part of subcall function 00B52BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00B52BFA
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                            • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharUpper
                                                                            • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                            APIs
                                                                            • _wcslen.LIBCMT ref: 00B8835A
                                                                            • _wcslen.LIBCMT ref: 00B8836E
                                                                            • _wcslen.LIBCMT ref: 00B88391
                                                                            • _wcslen.LIBCMT ref: 00B883B4
                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00B883F2
                                                                            • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00B85BF2), ref: 00B8844E
                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B88487
                                                                            • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00B884CA
                                                                            • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00B88501
                                                                            • FreeLibrary.KERNEL32(?), ref: 00B8850D
                                                                            • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00B8851D
                                                                            • DestroyIcon.USER32(?,?,?,?,?,00B85BF2), ref: 00B8852C
                                                                            • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00B88549
                                                                            • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00B88555
                                                                            Similarity
                                                                            • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                            • String ID: .dll$.exe$.icl
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                            APIs
                                                                            • CharLowerBuffW.USER32(?,?), ref: 00B63EF8
                                                                            • _wcslen.LIBCMT ref: 00B63F03
                                                                            • _wcslen.LIBCMT ref: 00B63F5A
                                                                            • _wcslen.LIBCMT ref: 00B63F98
                                                                            • GetDriveTypeW.KERNEL32(?), ref: 00B63FD6
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00B6401E
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00B64059
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00B64087
                                                                            Similarity
                                                                            • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                            • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                            APIs
                                                                            • LoadIconW.USER32(00000063), ref: 00B55A2E
                                                                            • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00B55A40
                                                                            • SetWindowTextW.USER32(?,?), ref: 00B55A57
                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00B55A6C
                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00B55A72
                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00B55A82
                                                                            • SetWindowTextW.USER32(00000000,?), ref: 00B55A88
                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00B55AA9
                                                                            • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00B55AC3
                                                                            • GetWindowRect.USER32(?,?), ref: 00B55ACC
                                                                            • _wcslen.LIBCMT ref: 00B55B33
                                                                            • SetWindowTextW.USER32(?,?), ref: 00B55B6F
                                                                            • GetDesktopWindow.USER32 ref: 00B55B75
                                                                            • GetWindowRect.USER32(00000000), ref: 00B55B7C
                                                                            • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00B55BD3
                                                                            • GetClientRect.USER32(?,?), ref: 00B55BE0
                                                                            • PostMessageW.USER32(?,00000005,00000000,?), ref: 00B55C05
                                                                            • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00B55C2F
                                                                            Similarity
                                                                            • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                            • String ID:
                                                                            APIs
                                                                            • LoadCursorW.USER32(00000000,00007F89), ref: 00B6FE27
                                                                            • LoadCursorW.USER32(00000000,00007F8A), ref: 00B6FE32
                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 00B6FE3D
                                                                            • LoadCursorW.USER32(00000000,00007F03), ref: 00B6FE48
                                                                            • LoadCursorW.USER32(00000000,00007F8B), ref: 00B6FE53
                                                                            • LoadCursorW.USER32(00000000,00007F01), ref: 00B6FE5E
                                                                            • LoadCursorW.USER32(00000000,00007F81), ref: 00B6FE69
                                                                            • LoadCursorW.USER32(00000000,00007F88), ref: 00B6FE74
                                                                            • LoadCursorW.USER32(00000000,00007F80), ref: 00B6FE7F
                                                                            • LoadCursorW.USER32(00000000,00007F86), ref: 00B6FE8A
                                                                            • LoadCursorW.USER32(00000000,00007F83), ref: 00B6FE95
                                                                            • LoadCursorW.USER32(00000000,00007F85), ref: 00B6FEA0
                                                                            • LoadCursorW.USER32(00000000,00007F82), ref: 00B6FEAB
                                                                            • LoadCursorW.USER32(00000000,00007F84), ref: 00B6FEB6
                                                                            • LoadCursorW.USER32(00000000,00007F04), ref: 00B6FEC1
                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 00B6FECC
                                                                            • GetCursorInfo.USER32(?), ref: 00B6FEDC
                                                                            • GetLastError.KERNEL32 ref: 00B6FF1E
                                                                            Similarity
                                                                            • API ID: Cursor$Load$ErrorInfoLast
                                                                            • String ID:
                                                                            APIs
                                                                            • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00B100C6
                                                                              • Part of subcall function 00B100ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00BC070C,00000FA0,025DBF8B,?,?,?,?,00B323B3,000000FF), ref: 00B1011C
                                                                              • Part of subcall function 00B100ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00B323B3,000000FF), ref: 00B10127
                                                                              • Part of subcall function 00B100ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00B323B3,000000FF), ref: 00B10138
                                                                              • Part of subcall function 00B100ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00B1014E
                                                                              • Part of subcall function 00B100ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00B1015C
                                                                              • Part of subcall function 00B100ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00B1016A
                                                                              • Part of subcall function 00B100ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00B10195
                                                                              • Part of subcall function 00B100ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00B101A0
                                                                            • ___scrt_fastfail.LIBCMT ref: 00B100E7
                                                                              • Part of subcall function 00B100A3: __onexit.LIBCMT ref: 00B100A9
                                                                            Strings
                                                                            • WakeAllConditionVariable, xrefs: 00B10162
                                                                            • kernel32.dll, xrefs: 00B10133
                                                                            • InitializeConditionVariable, xrefs: 00B10148
                                                                            • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00B10122
                                                                            • SleepConditionVariableCS, xrefs: 00B10154
                                                                            Similarity
                                                                            • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                            • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                            Similarity
                                                                            • API ID: _wcslen
                                                                            • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                            APIs
                                                                            • CharLowerBuffW.USER32(00000000,00000000,00B8CC08), ref: 00B64527
                                                                            • _wcslen.LIBCMT ref: 00B6453B
                                                                            • _wcslen.LIBCMT ref: 00B64599
                                                                            • _wcslen.LIBCMT ref: 00B645F4
                                                                            • _wcslen.LIBCMT ref: 00B6463F
                                                                            • _wcslen.LIBCMT ref: 00B646A7
                                                                              • Part of subcall function 00B0F9F2: _wcslen.LIBCMT ref: 00B0F9FD
                                                                            • GetDriveTypeW.KERNEL32(?,00BB6BF0,00000061), ref: 00B64743
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharDriveLowerType
                                                                            • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                            • API String ID: 2055661098-1000479233
                                                                            APIs
                                                                            • _wcslen.LIBCMT ref: 00B7B198
                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B7B1B0
                                                                            • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00B7B1D4
                                                                            • _wcslen.LIBCMT ref: 00B7B200
                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B7B214
                                                                            • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00B7B236
                                                                            • _wcslen.LIBCMT ref: 00B7B332
                                                                              • Part of subcall function 00B605A7: GetStdHandle.KERNEL32(000000F6), ref: 00B605C6
                                                                            • _wcslen.LIBCMT ref: 00B7B34B
                                                                            • _wcslen.LIBCMT ref: 00B7B366
                                                                            • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00B7B3B6
                                                                            • GetLastError.KERNEL32(00000000), ref: 00B7B407
                                                                            • CloseHandle.KERNEL32(?), ref: 00B7B439
                                                                            • CloseHandle.KERNEL32(00000000), ref: 00B7B44A
                                                                            • CloseHandle.KERNEL32(00000000), ref: 00B7B45C
                                                                            • CloseHandle.KERNEL32(00000000), ref: 00B7B46E
                                                                            • CloseHandle.KERNEL32(?), ref: 00B7B4E3
                                                                            Similarity
                                                                            • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 2178637699-0
                                                                            APIs
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,00B8CC08), ref: 00B740BB
                                                                            • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00B740CD
                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00B8CC08), ref: 00B740F2
                                                                            • FreeLibrary.KERNEL32(00000000,?,00B8CC08), ref: 00B7413E
                                                                            • StringFromGUID2.OLE32(?,?,00000028,?,00B8CC08), ref: 00B741A8
                                                                            • SysFreeString.OLEAUT32(00000009), ref: 00B74262
                                                                            • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00B742C8
                                                                            • SysFreeString.OLEAUT32(?), ref: 00B742F2
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                            • String ID: GetModuleHandleExW$kernel32.dll
                                                                            • API String ID: 354098117-199464113
                                                                            APIs
                                                                            • GetMenuItemCount.USER32(00BC1990), ref: 00B32F8D
                                                                            • GetMenuItemCount.USER32(00BC1990), ref: 00B3303D
                                                                            • GetCursorPos.USER32(?), ref: 00B33081
                                                                            • SetForegroundWindow.USER32(00000000), ref: 00B3308A
                                                                            • TrackPopupMenuEx.USER32(00BC1990,00000000,?,00000000,00000000,00000000), ref: 00B3309D
                                                                            • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00B330A9
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                            • String ID: 0
                                                                            • API String ID: 36266755-4108050209
                                                                            APIs
                                                                            • DestroyWindow.USER32(00000000,?), ref: 00B86DEB
                                                                              • Part of subcall function 00AF6B57: _wcslen.LIBCMT ref: 00AF6B6A
                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00B86E5F
                                                                            • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00B86E81
                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B86E94
                                                                            • DestroyWindow.USER32(?), ref: 00B86EB5
                                                                            • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00AF0000,00000000), ref: 00B86EE4
                                                                            • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00B86EFD
                                                                            • GetDesktopWindow.USER32 ref: 00B86F16
                                                                            • GetWindowRect.USER32(00000000), ref: 00B86F1D
                                                                            • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00B86F35
                                                                            • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00B86F4D
                                                                              • Part of subcall function 00B09944: GetWindowLongW.USER32(?,000000EB), ref: 00B09952
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                            • String ID: 0$tooltips_class32
                                                                            • API String ID: 2429346358-3619404913
                                                                            APIs
                                                                              • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
                                                                            • DragQueryPoint.SHELL32(?,?), ref: 00B89147
                                                                              • Part of subcall function 00B87674: ClientToScreen.USER32(?,?), ref: 00B8769A
                                                                              • Part of subcall function 00B87674: GetWindowRect.USER32(?,?), ref: 00B87710
                                                                              • Part of subcall function 00B87674: PtInRect.USER32(?,?,00B88B89), ref: 00B87720
                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00B891B0
                                                                            • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00B891BB
                                                                            • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00B891DE
                                                                            • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00B89225
                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00B8923E
                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00B89255
                                                                            • SendMessageW.USER32(?,000000B1,?,?), ref: 00B89277
                                                                            • DragFinish.SHELL32(?), ref: 00B8927E
                                                                            • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00B89371
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                            • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                            • API String ID: 221274066-3440237614
                                                                            APIs
                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00B6C4B0
                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00B6C4C3
                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00B6C4D7
                                                                            • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00B6C4F0
                                                                            • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00B6C533
                                                                            • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00B6C549
                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00B6C554
                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00B6C584
                                                                            • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00B6C5DC
                                                                            • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00B6C5F0
                                                                            • InternetCloseHandle.WININET(00000000), ref: 00B6C5FB
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                            • String ID:
                                                                            • API String ID: 3800310941-3916222277
                                                                            APIs
                                                                            • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00B88592
                                                                            • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B885A2
                                                                            • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B885AD
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B885BA
                                                                            • GlobalLock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B885C8
                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B885D7
                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B885E0
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B885E7
                                                                            • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00B885F8
                                                                            • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00B8FC38,?), ref: 00B88611
                                                                            • GlobalFree.KERNEL32(00000000), ref: 00B88621
                                                                            • GetObjectW.GDI32(?,00000018,?), ref: 00B88641
                                                                            • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00B88671
                                                                            • DeleteObject.GDI32(?), ref: 00B88699
                                                                            • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00B886AF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                            • String ID:
                                                                            • API String ID: 3840717409-0
                                                                            • Opcode ID: 8d6979b92c768eb5e0f0de04bacd28b908a749771fdb63308b67b71ba94aa1e2
                                                                            • Instruction ID: e89f551d0f68979aaf055279c71cadd51198ee908f8656803794cb977d20be42
                                                                            • Opcode Fuzzy Hash: 8d6979b92c768eb5e0f0de04bacd28b908a749771fdb63308b67b71ba94aa1e2
                                                                            • Instruction Fuzzy Hash: CB4109B5600208AFDB11DFA5DC88EAA7BB9FF89B11F144058F905E72B1DB309D01DB60
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(00000000), ref: 00B61502
                                                                            • VariantCopy.OLEAUT32(?,?), ref: 00B6150B
                                                                            • VariantClear.OLEAUT32(?), ref: 00B61517
                                                                            • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00B615FB
                                                                            • VarR8FromDec.OLEAUT32(?,?), ref: 00B61657
                                                                            • VariantInit.OLEAUT32(?), ref: 00B61708
                                                                            • SysFreeString.OLEAUT32(?), ref: 00B6178C
                                                                            • VariantClear.OLEAUT32(?), ref: 00B617D8
                                                                            • VariantClear.OLEAUT32(?), ref: 00B617E7
                                                                            • VariantInit.OLEAUT32(00000000), ref: 00B61823
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                            • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                            • API String ID: 1234038744-3931177956
                                                                            • Opcode ID: 0c395406121561337cb0ba62940027ca8eebeb06fe8ea3970cd71f1e636afd72
                                                                            • Instruction ID: 5a075f877c8bff8bd5a7734a646335409e770d505fc51e8388a75ae467600976
                                                                            • Opcode Fuzzy Hash: 0c395406121561337cb0ba62940027ca8eebeb06fe8ea3970cd71f1e636afd72
                                                                            • Instruction Fuzzy Hash: 52D1CE71A00215DBDB109F69D885B79FBF5FF44700F188996F406AB690EB38EC41DB61
                                                                            APIs
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                              • Part of subcall function 00B7C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B7B6AE,?,?), ref: 00B7C9B5
                                                                              • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7C9F1
                                                                              • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7CA68
                                                                              • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7CA9E
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B7B6F4
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B7B772
                                                                            • RegDeleteValueW.ADVAPI32(?,?), ref: 00B7B80A
                                                                            • RegCloseKey.ADVAPI32(?), ref: 00B7B87E
                                                                            • RegCloseKey.ADVAPI32(?), ref: 00B7B89C
                                                                            • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00B7B8F2
                                                                            • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00B7B904
                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00B7B922
                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00B7B983
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00B7B994
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                            • API String ID: 146587525-4033151799
                                                                            • Opcode ID: bdd96ac4cdbcc82c6eeaf018685efa486e5ded7e84b78222a22f7d8692cc96d8
                                                                            • Instruction ID: 1b0fc407cd9cb88e4b06b0ad4bdfd282bc016821781fee92d3147dae5ac8104b
                                                                            • Opcode Fuzzy Hash: bdd96ac4cdbcc82c6eeaf018685efa486e5ded7e84b78222a22f7d8692cc96d8
                                                                            • Instruction Fuzzy Hash: F7C15A70208201AFD714DF54C595F2ABBE5EF84318F14859CF5AA8B2A2CB71ED45CF92
                                                                            APIs
                                                                            • GetDC.USER32(00000000), ref: 00B725D8
                                                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00B725E8
                                                                            • CreateCompatibleDC.GDI32(?), ref: 00B725F4
                                                                            • SelectObject.GDI32(00000000,?), ref: 00B72601
                                                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00B7266D
                                                                            • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00B726AC
                                                                            • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00B726D0
                                                                            • SelectObject.GDI32(?,?), ref: 00B726D8
                                                                            • DeleteObject.GDI32(?), ref: 00B726E1
                                                                            • DeleteDC.GDI32(?), ref: 00B726E8
                                                                            • ReleaseDC.USER32(00000000,?), ref: 00B726F3
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                            • String ID: (
                                                                            • API String ID: 2598888154-3887548279
                                                                            • Opcode ID: b0af0a500fa41a4afb9633d1841fa8aa423400844834d909ca154e6da1a5c108
                                                                            • Instruction ID: f1612cfe0b83f3440b8e3d682ac744c2df8c37f09c82e596d635999bccefb667
                                                                            • Opcode Fuzzy Hash: b0af0a500fa41a4afb9633d1841fa8aa423400844834d909ca154e6da1a5c108
                                                                            • Instruction Fuzzy Hash: 4F61C3B5D00219EFCF14CFA4D884AAEBBF5FF48310F20856AE559A7250D774A951CF60
                                                                            APIs
                                                                            • ___free_lconv_mon.LIBCMT ref: 00B2DAA1
                                                                              • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D659
                                                                              • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D66B
                                                                              • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D67D
                                                                              • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D68F
                                                                              • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D6A1
                                                                              • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D6B3
                                                                              • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D6C5
                                                                              • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D6D7
                                                                              • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D6E9
                                                                              • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D6FB
                                                                              • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D70D
                                                                              • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D71F
                                                                              • Part of subcall function 00B2D63C: _free.LIBCMT ref: 00B2D731
                                                                            • _free.LIBCMT ref: 00B2DA96
                                                                              • Part of subcall function 00B229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000), ref: 00B229DE
                                                                              • Part of subcall function 00B229C8: GetLastError.KERNEL32(00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000,00000000), ref: 00B229F0
                                                                            • _free.LIBCMT ref: 00B2DAB8
                                                                            • _free.LIBCMT ref: 00B2DACD
                                                                            • _free.LIBCMT ref: 00B2DAD8
                                                                            • _free.LIBCMT ref: 00B2DAFA
                                                                            • _free.LIBCMT ref: 00B2DB0D
                                                                            • _free.LIBCMT ref: 00B2DB1B
                                                                            • _free.LIBCMT ref: 00B2DB26
                                                                            • _free.LIBCMT ref: 00B2DB5E
                                                                            • _free.LIBCMT ref: 00B2DB65
                                                                            • _free.LIBCMT ref: 00B2DB82
                                                                            • _free.LIBCMT ref: 00B2DB9A
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                            • String ID:
                                                                            • API String ID: 161543041-0
                                                                            • Opcode ID: 49d576b4f5329448fcf851a2dd02a567e252f1f9695f0ac51f6e88b5ff8874e7
                                                                            • Instruction ID: d5d1d404960e0aab4311ed5028884584ff88ee4ca7ec927f41bb56d31e289d85
                                                                            • Opcode Fuzzy Hash: 49d576b4f5329448fcf851a2dd02a567e252f1f9695f0ac51f6e88b5ff8874e7
                                                                            • Instruction Fuzzy Hash: 30316B32604324AFEB21AB38F849B5A77E9FF05310F5149A9E44DD7291DF30AC80C720
                                                                            APIs
                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00B5369C
                                                                            • _wcslen.LIBCMT ref: 00B536A7
                                                                            • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00B53797
                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00B5380C
                                                                            • GetDlgCtrlID.USER32(?), ref: 00B5385D
                                                                            • GetWindowRect.USER32(?,?), ref: 00B53882
                                                                            • GetParent.USER32(?), ref: 00B538A0
                                                                            • ScreenToClient.USER32(00000000), ref: 00B538A7
                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00B53921
                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00B5395D
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                            • String ID: %s%u
                                                                            • API String ID: 4010501982-679674701
                                                                            • Opcode ID: e2478a3b9969f8224cb5a887c311e62fe2f60ff2a4d9334461745fede192e527
                                                                            • Instruction ID: 1555bddd0e8e05f94bb3586a9bd47e776d885255d2d0ff19206305db254d52ca
                                                                            • Opcode Fuzzy Hash: e2478a3b9969f8224cb5a887c311e62fe2f60ff2a4d9334461745fede192e527
                                                                            • Instruction Fuzzy Hash: 0191B4B1204606AFD719DF24C885FAAF7E8FF44781F0045A9FD9AC2250DB30EA59CB91
                                                                            APIs
                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00B54994
                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00B549DA
                                                                            • _wcslen.LIBCMT ref: 00B549EB
                                                                            • CharUpperBuffW.USER32(?,00000000), ref: 00B549F7
                                                                            • _wcsstr.LIBVCRUNTIME ref: 00B54A2C
                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00B54A64
                                                                            • GetWindowTextW.USER32(?,?,00000400), ref: 00B54A9D
                                                                            • GetClassNameW.USER32(00000018,?,00000400), ref: 00B54AE6
                                                                            • GetClassNameW.USER32(?,?,00000400), ref: 00B54B20
                                                                            • GetWindowRect.USER32(?,?), ref: 00B54B8B
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                            • String ID: ThumbnailClass
                                                                            • API String ID: 1311036022-1241985126
                                                                            • Opcode ID: 173feb09f75759fa98638b630b5ee204682fc7ae85964b9b0e22d677fb8072d9
                                                                            • Instruction ID: 6c6efee3f8ac90d05b9b80d74962822ed864a9dc67b112be6cfac1b4307119a5
                                                                            • Opcode Fuzzy Hash: 173feb09f75759fa98638b630b5ee204682fc7ae85964b9b0e22d677fb8072d9
                                                                            • Instruction Fuzzy Hash: 3591BF710082059FDB05DF14C985BAA7BE8FF84359F0484E9FD859B196EB30ED89CBA1
                                                                            APIs
                                                                              • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00B88D5A
                                                                            • GetFocus.USER32 ref: 00B88D6A
                                                                            • GetDlgCtrlID.USER32(00000000), ref: 00B88D75
                                                                            • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00B88E1D
                                                                            • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00B88ECF
                                                                            • GetMenuItemCount.USER32(?), ref: 00B88EEC
                                                                            • GetMenuItemID.USER32(?,00000000), ref: 00B88EFC
                                                                            • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00B88F2E
                                                                            • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00B88F70
                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00B88FA1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                            • String ID: 0
                                                                            • API String ID: 1026556194-4108050209
                                                                            • Opcode ID: d261f3ef5ce6879c59d62d15ef22750589bc7b517e91cc2f85f1508cda4032b8
                                                                            • Instruction ID: cda0d5ee18fa65403f78de8373e43b1b2c3b212c383fce1aece6e02b994c1bda
                                                                            • Opcode Fuzzy Hash: d261f3ef5ce6879c59d62d15ef22750589bc7b517e91cc2f85f1508cda4032b8
                                                                            • Instruction Fuzzy Hash: C8819E715083019FDB10EF24D884AAB7BE9FF88354F5409ADFA95972A1DF70D901CBA1
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(00BC1990,000000FF,00000000,00000030), ref: 00B5BFAC
                                                                            • SetMenuItemInfoW.USER32(00BC1990,00000004,00000000,00000030), ref: 00B5BFE1
                                                                            • Sleep.KERNEL32(000001F4), ref: 00B5BFF3
                                                                            • GetMenuItemCount.USER32(?), ref: 00B5C039
                                                                            • GetMenuItemID.USER32(?,00000000), ref: 00B5C056
                                                                            • GetMenuItemID.USER32(?,-00000001), ref: 00B5C082
                                                                            • GetMenuItemID.USER32(?,?), ref: 00B5C0C9
                                                                            • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00B5C10F
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B5C124
                                                                            • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B5C145
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                            • String ID: 0
                                                                            • API String ID: 1460738036-4108050209
                                                                            • Opcode ID: 20019b12c9033f4fd0103f92e2822be57a1d7d4e6885174538d6105ccf1c5a8b
                                                                            • Instruction ID: 8cf1de73b599e573ac48da7508b1ea48f6edf1fed2ae94526b7e0e1f648af6d6
                                                                            • Opcode Fuzzy Hash: 20019b12c9033f4fd0103f92e2822be57a1d7d4e6885174538d6105ccf1c5a8b
                                                                            • Instruction Fuzzy Hash: BC616BB090034AAFDF11CF64D989BEE7FAAEB05345F1440D5ED11A3292DB71AD49CB60
                                                                            APIs
                                                                            • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00B5DC20
                                                                            • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00B5DC46
                                                                            • _wcslen.LIBCMT ref: 00B5DC50
                                                                            • _wcsstr.LIBVCRUNTIME ref: 00B5DCA0
                                                                            • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00B5DCBC
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                            • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                            • API String ID: 1939486746-1459072770
                                                                            • Opcode ID: 91d29cc538f825a9add4f0f43719fed2d75df36bb5ae4ab4ca6b501d0404dc99
                                                                            • Instruction ID: a76e1ebcd832d4333d743664769eebb435aea1a6cbae168b816473c1c5fcefcf
                                                                            • Opcode Fuzzy Hash: 91d29cc538f825a9add4f0f43719fed2d75df36bb5ae4ab4ca6b501d0404dc99
                                                                            • Instruction Fuzzy Hash: 2E41F072A402057AEB20A764DC47EFF7BECEF45711F5001EAF900A61E2EB749A4187B5
                                                                            APIs
                                                                            • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00B7CC64
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00B7CC8D
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00B7CD48
                                                                              • Part of subcall function 00B7CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00B7CCAA
                                                                              • Part of subcall function 00B7CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00B7CCBD
                                                                              • Part of subcall function 00B7CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00B7CCCF
                                                                              • Part of subcall function 00B7CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00B7CD05
                                                                              • Part of subcall function 00B7CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00B7CD28
                                                                            • RegDeleteKeyW.ADVAPI32(?,?), ref: 00B7CCF3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                            • String ID: RegDeleteKeyExW$advapi32.dll
                                                                            • API String ID: 2734957052-4033151799
                                                                            • Opcode ID: bc835a224e326773fcec8b7d7e6e228e355ed3a024b51257bece6928e65482f2
                                                                            • Instruction ID: 0abed89fe3663550568bb9d3bd0cc8b1b08442c6cb910ba6e1726290f1202741
                                                                            • Opcode Fuzzy Hash: bc835a224e326773fcec8b7d7e6e228e355ed3a024b51257bece6928e65482f2
                                                                            • Instruction Fuzzy Hash: B5317CB1901128BBDB219B61DC88EFFBFBCEF45740F0041A9A919E3250DB709A45DBB0
                                                                            APIs
                                                                            • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00B63D40
                                                                            • _wcslen.LIBCMT ref: 00B63D6D
                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00B63D9D
                                                                            • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00B63DBE
                                                                            • RemoveDirectoryW.KERNEL32(?), ref: 00B63DCE
                                                                            • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00B63E55
                                                                            • CloseHandle.KERNEL32(00000000), ref: 00B63E60
                                                                            • CloseHandle.KERNEL32(00000000), ref: 00B63E6B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                            • String ID: :$\$\??\%s
                                                                            • API String ID: 1149970189-3457252023
                                                                            • Opcode ID: 051e507bcc2bdcd8d5d98de3a1fd4d517daee7f9a5ee50c14e3c1c2b16d318fa
                                                                            • Instruction ID: afcdc643b225d9fe06277554fc7a345a78723c246c5dab63cd48cd1a931bdd8f
                                                                            • Opcode Fuzzy Hash: 051e507bcc2bdcd8d5d98de3a1fd4d517daee7f9a5ee50c14e3c1c2b16d318fa
                                                                            • Instruction Fuzzy Hash: 1B316FB1900209AADB219FA0DC49FEB77FCEF89B00F1041B5F605960A0EB749744CB64
                                                                            APIs
                                                                            • timeGetTime.WINMM ref: 00B5E6B4
                                                                              • Part of subcall function 00B0E551: timeGetTime.WINMM(?,?,00B5E6D4), ref: 00B0E555
                                                                            • Sleep.KERNEL32(0000000A), ref: 00B5E6E1
                                                                            • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00B5E705
                                                                            • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00B5E727
                                                                            • SetActiveWindow.USER32 ref: 00B5E746
                                                                            • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00B5E754
                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 00B5E773
                                                                            • Sleep.KERNEL32(000000FA), ref: 00B5E77E
                                                                            • IsWindow.USER32 ref: 00B5E78A
                                                                            • EndDialog.USER32(00000000), ref: 00B5E79B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                            • String ID: BUTTON
                                                                            • API String ID: 1194449130-3405671355
                                                                            • Opcode ID: dc1d18d9b44c43ee8cf0b5a9f3dfbde4a9d95af908e667474dec6bab555a1df3
                                                                            • Instruction ID: c7c5ed72a69913aa5dde7150cc2412a42df6a66b86ddbd5ec2273064719f6364
                                                                            • Opcode Fuzzy Hash: dc1d18d9b44c43ee8cf0b5a9f3dfbde4a9d95af908e667474dec6bab555a1df3
                                                                            • Instruction Fuzzy Hash: BD2138B0200245AFEB045F20EC89F263AA9EB5978AF1014A5F965931B1DF71AD08DB34
                                                                            APIs
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                            • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00B5EA5D
                                                                            • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00B5EA73
                                                                            • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00B5EA84
                                                                            • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00B5EA96
                                                                            • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00B5EAA7
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: SendString$_wcslen
                                                                            • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                            • API String ID: 2420728520-1007645807
                                                                            • Opcode ID: c850fed3a80a719aebef0c3bf845b8a635c44c61c295af3caa41791b840f37d9
                                                                            • Instruction ID: 36574971e7b3911c0fdf5bad923c8ca8334f66eda95ebca76b2e8837a7cd2979
                                                                            • Opcode Fuzzy Hash: c850fed3a80a719aebef0c3bf845b8a635c44c61c295af3caa41791b840f37d9
                                                                            • Instruction Fuzzy Hash: A0115431A5021D7AD724A7A1DD4AEFF6BFCEBD5B40F0004A57951A20E1EEB04E45C5B0
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?), ref: 00B5A012
                                                                            • SetKeyboardState.USER32(?), ref: 00B5A07D
                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 00B5A09D
                                                                            • GetKeyState.USER32(000000A0), ref: 00B5A0B4
                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 00B5A0E3
                                                                            • GetKeyState.USER32(000000A1), ref: 00B5A0F4
                                                                            • GetAsyncKeyState.USER32(00000011), ref: 00B5A120
                                                                            • GetKeyState.USER32(00000011), ref: 00B5A12E
                                                                            • GetAsyncKeyState.USER32(00000012), ref: 00B5A157
                                                                            • GetKeyState.USER32(00000012), ref: 00B5A165
                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 00B5A18E
                                                                            • GetKeyState.USER32(0000005B), ref: 00B5A19C
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: State$Async$Keyboard
                                                                            • String ID:
                                                                            • API String ID: 541375521-0
                                                                            • Opcode ID: 21c8754fca61c4cd5da45f6aa1c9c7d30ce4090b3133a0b6f1010c3b39efb514
                                                                            • Instruction ID: c2ffd83dbec37555343f54fa820ea0c5dc6b7f83681c144ade6050a2491e0e2e
                                                                            • Opcode Fuzzy Hash: 21c8754fca61c4cd5da45f6aa1c9c7d30ce4090b3133a0b6f1010c3b39efb514
                                                                            • Instruction Fuzzy Hash: 7951993090478869FB35EB7088557EAAFF5DF12381F0846D9DDC2771C2DA64AA4CCB62
                                                                            APIs
                                                                            • GetDlgItem.USER32(?,00000001), ref: 00B55CE2
                                                                            • GetWindowRect.USER32(00000000,?), ref: 00B55CFB
                                                                            • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00B55D59
                                                                            • GetDlgItem.USER32(?,00000002), ref: 00B55D69
                                                                            • GetWindowRect.USER32(00000000,?), ref: 00B55D7B
                                                                            • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00B55DCF
                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00B55DDD
                                                                            • GetWindowRect.USER32(00000000,?), ref: 00B55DEF
                                                                            • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00B55E31
                                                                            • GetDlgItem.USER32(?,000003EA), ref: 00B55E44
                                                                            • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00B55E5A
                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00B55E67
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$ItemMoveRect$Invalidate
                                                                            • String ID:
                                                                            • API String ID: 3096461208-0
                                                                            APIs
                                                                              • Part of subcall function 00B08F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00B08BE8,?,00000000,?,?,?,?,00B08BBA,00000000,?), ref: 00B08FC5
                                                                            • DestroyWindow.USER32(?), ref: 00B08C81
                                                                            • KillTimer.USER32(00000000,?,?,?,?,00B08BBA,00000000,?), ref: 00B08D1B
                                                                            • DestroyAcceleratorTable.USER32(00000000), ref: 00B46973
                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00B08BBA,00000000,?), ref: 00B469A1
                                                                            • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00B08BBA,00000000,?), ref: 00B469B8
                                                                            • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00B08BBA,00000000), ref: 00B469D4
                                                                            • DeleteObject.GDI32(00000000), ref: 00B469E6
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                            • String ID:
                                                                            • API String ID: 641708696-0
                                                                            APIs
                                                                              • Part of subcall function 00B09944: GetWindowLongW.USER32(?,000000EB), ref: 00B09952
                                                                            • GetSysColor.USER32(0000000F), ref: 00B09862
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ColorLongWindow
                                                                            • String ID:
                                                                            • API String ID: 259745315-0
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00B3F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00B59717
                                                                            • LoadStringW.USER32(00000000,?,00B3F7F8,00000001), ref: 00B59720
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                            • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00B3F7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00B59742
                                                                            • LoadStringW.USER32(00000000,?,00B3F7F8,00000001), ref: 00B59745
                                                                            • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00B59866
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: HandleLoadModuleString$Message_wcslen
                                                                            • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                            • API String ID: 747408836-2268648507
                                                                            APIs
                                                                              • Part of subcall function 00AF6B57: _wcslen.LIBCMT ref: 00AF6B6A
                                                                            • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00B507A2
                                                                            • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00B507BE
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00B507DA
                                                                            • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00B50804
                                                                            • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00B5082C
                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00B50837
                                                                            • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00B5083C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                            • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                            • API String ID: 323675364-22481851
                                                                            APIs
                                                                            • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00B8403B
                                                                            • CreateCompatibleDC.GDI32(00000000), ref: 00B84042
                                                                            • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00B84055
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00B8405D
                                                                            • GetPixel.GDI32(00000000,00000000,00000000), ref: 00B84068
                                                                            • DeleteDC.GDI32(00000000), ref: 00B84072
                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 00B8407C
                                                                            • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00B84092
                                                                            • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00B8409E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                            • String ID: static
                                                                            • API String ID: 2559357485-2160076837
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(?), ref: 00B73C5C
                                                                            • CoInitialize.OLE32(00000000), ref: 00B73C8A
                                                                            • CoUninitialize.OLE32 ref: 00B73C94
                                                                            • _wcslen.LIBCMT ref: 00B73D2D
                                                                            • GetRunningObjectTable.OLE32(00000000,?), ref: 00B73DB1
                                                                            • SetErrorMode.KERNEL32(00000001,00000029), ref: 00B73ED5
                                                                            • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00B73F0E
                                                                            • CoGetObject.OLE32(?,00000000,00B8FB98,?), ref: 00B73F2D
                                                                            • SetErrorMode.KERNEL32(00000000), ref: 00B73F40
                                                                            • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00B73FC4
                                                                            • VariantClear.OLEAUT32(?), ref: 00B73FD8
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                            • String ID:
                                                                            • API String ID: 429561992-0
                                                                            APIs
                                                                            • CoInitialize.OLE32(00000000), ref: 00B67AF3
                                                                            • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00B67B8F
                                                                            • SHGetDesktopFolder.SHELL32(?), ref: 00B67BA3
                                                                            • CoCreateInstance.OLE32(00B8FD08,00000000,00000001,00BB6E6C,?), ref: 00B67BEF
                                                                            • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00B67C74
                                                                            • CoTaskMemFree.OLE32(?,?), ref: 00B67CCC
                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00B67D57
                                                                            • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00B67D7A
                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00B67D81
                                                                            • CoTaskMemFree.OLE32(00000000), ref: 00B67DD6
                                                                            • CoUninitialize.OLE32 ref: 00B67DDC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                            • String ID:
                                                                            • API String ID: 2762341140-0
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00B85504
                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B85515
                                                                            • CharNextW.USER32(00000158), ref: 00B85544
                                                                            • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00B85585
                                                                            • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00B8559B
                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B855AC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$CharNext
                                                                            • String ID:
                                                                            • API String ID: 1350042424-0
                                                                            APIs
                                                                            • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00B4FAAF
                                                                            • SafeArrayAllocData.OLEAUT32(?), ref: 00B4FB08
                                                                            • VariantInit.OLEAUT32(?), ref: 00B4FB1A
                                                                            • SafeArrayAccessData.OLEAUT32(?,?), ref: 00B4FB3A
                                                                            • VariantCopy.OLEAUT32(?,?), ref: 00B4FB8D
                                                                            • SafeArrayUnaccessData.OLEAUT32(?), ref: 00B4FBA1
                                                                            • VariantClear.OLEAUT32(?), ref: 00B4FBB6
                                                                            • SafeArrayDestroyData.OLEAUT32(?), ref: 00B4FBC3
                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00B4FBCC
                                                                            • VariantClear.OLEAUT32(?), ref: 00B4FBDE
                                                                            • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00B4FBE9
                                                                            Similarity
                                                                            • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                            • String ID:
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?), ref: 00B59CA1
                                                                            • GetAsyncKeyState.USER32(000000A0), ref: 00B59D22
                                                                            • GetKeyState.USER32(000000A0), ref: 00B59D3D
                                                                            • GetAsyncKeyState.USER32(000000A1), ref: 00B59D57
                                                                            • GetKeyState.USER32(000000A1), ref: 00B59D6C
                                                                            • GetAsyncKeyState.USER32(00000011), ref: 00B59D84
                                                                            • GetKeyState.USER32(00000011), ref: 00B59D96
                                                                            • GetAsyncKeyState.USER32(00000012), ref: 00B59DAE
                                                                            • GetKeyState.USER32(00000012), ref: 00B59DC0
                                                                            • GetAsyncKeyState.USER32(0000005B), ref: 00B59DD8
                                                                            • GetKeyState.USER32(0000005B), ref: 00B59DEA
                                                                            Similarity
                                                                            • API ID: State$Async$Keyboard
                                                                            • String ID:
                                                                            APIs
                                                                            • WSAStartup.WSOCK32(00000101,?), ref: 00B705BC
                                                                            • inet_addr.WSOCK32(?), ref: 00B7061C
                                                                            • gethostbyname.WSOCK32(?), ref: 00B70628
                                                                            • IcmpCreateFile.IPHLPAPI ref: 00B70636
                                                                            • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00B706C6
                                                                            • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00B706E5
                                                                            • IcmpCloseHandle.IPHLPAPI(?), ref: 00B707B9
                                                                            • WSACleanup.WSOCK32 ref: 00B707BF
                                                                            Similarity
                                                                            • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                            • String ID: Ping
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharLower
                                                                            • String ID: cdecl$none$stdcall$winapi
                                                                            APIs
                                                                            • CoInitialize.OLE32 ref: 00B73774
                                                                            • CoUninitialize.OLE32 ref: 00B7377F
                                                                            • CoCreateInstance.OLE32(?,00000000,00000017,00B8FB78,?), ref: 00B737D9
                                                                            • IIDFromString.OLE32(?,?), ref: 00B7384C
                                                                            • VariantInit.OLEAUT32(?), ref: 00B738E4
                                                                            • VariantClear.OLEAUT32(?), ref: 00B73936
                                                                            Similarity
                                                                            • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                            • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                            APIs
                                                                            • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00B633CF
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                            • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00B633F0
                                                                            Similarity
                                                                            • API ID: LoadString$_wcslen
                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharUpper
                                                                            • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00B653A0
                                                                            • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00B65416
                                                                            • GetLastError.KERNEL32 ref: 00B65420
                                                                            • SetErrorMode.KERNEL32(00000000,READY), ref: 00B654A7
                                                                            Similarity
                                                                            • API ID: Error$Mode$DiskFreeLastSpace
                                                                            • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                            APIs
                                                                            • CreateMenu.USER32 ref: 00B83C79
                                                                            • SetMenu.USER32(?,00000000), ref: 00B83C88
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B83D10
                                                                            • IsMenu.USER32(?), ref: 00B83D24
                                                                            • CreatePopupMenu.USER32 ref: 00B83D2E
                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00B83D5B
                                                                            • DrawMenuBar.USER32 ref: 00B83D63
                                                                            Similarity
                                                                            • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                            • String ID: 0$F
                                                                            APIs
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                              • Part of subcall function 00B53CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00B53CCA
                                                                            • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00B51F64
                                                                            • GetDlgCtrlID.USER32 ref: 00B51F6F
                                                                            • GetParent.USER32 ref: 00B51F8B
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00B51F8E
                                                                            • GetDlgCtrlID.USER32(?), ref: 00B51F97
                                                                            • GetParent.USER32(?), ref: 00B51FAB
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00B51FAE
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 711023334-1403004172
                                                                            • Opcode ID: 9490ad41800cdf83a556f7066dd4b2b75058e8a49d96f3637196f1c21d1b9a99
                                                                            • Instruction ID: 7f309b224b65d10154f5e33a2b7932189f244a325f444f1e1df569c7e5684eb0
                                                                            • Opcode Fuzzy Hash: 9490ad41800cdf83a556f7066dd4b2b75058e8a49d96f3637196f1c21d1b9a99
                                                                            • Instruction Fuzzy Hash: BC21BEB0900218BBCF14AFA4DC85BFEBBB8EF15350F004595FA61A72A1DB755909DB70
                                                                            APIs
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                              • Part of subcall function 00B53CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00B53CCA
                                                                            • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00B52043
                                                                            • GetDlgCtrlID.USER32 ref: 00B5204E
                                                                            • GetParent.USER32 ref: 00B5206A
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00B5206D
                                                                            • GetDlgCtrlID.USER32(?), ref: 00B52076
                                                                            • GetParent.USER32(?), ref: 00B5208A
                                                                            • SendMessageW.USER32(00000000,?,00000111,?), ref: 00B5208D
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 711023334-1403004172
                                                                            • Opcode ID: 5fcb73ef69a167488e0f7848c6ebdce287bc9df8493063374043b6d22dc76fe4
                                                                            • Instruction ID: e227b46bc337730aaaf95ec2602f72e55951b9fe3c3560906f37a86e401c2dae
                                                                            • Opcode Fuzzy Hash: 5fcb73ef69a167488e0f7848c6ebdce287bc9df8493063374043b6d22dc76fe4
                                                                            • Instruction Fuzzy Hash: 7021BEB1901218BBCF10AFA0CC85BFEBFB8EF05340F040095B951A72A1DA754919DB60
                                                                            APIs
                                                                            • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00B83A9D
                                                                            • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00B83AA0
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00B83AC7
                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00B83AEA
                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00B83B62
                                                                            • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00B83BAC
                                                                            • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00B83BC7
                                                                            • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00B83BE2
                                                                            • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00B83BF6
                                                                            • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00B83C13
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$LongWindow
                                                                            • String ID:
                                                                            • API String ID: 312131281-0
                                                                            • Opcode ID: 43e57df95686d91d21efcb8d47740288d3df47a08b007e41ecb8e2ba50a2c686
                                                                            • Instruction ID: d2ee7d2f27ccb46f0938a93f02e21307564203a56be4ac6c691b3f5ec2a91bcd
                                                                            • Opcode Fuzzy Hash: 43e57df95686d91d21efcb8d47740288d3df47a08b007e41ecb8e2ba50a2c686
                                                                            • Instruction Fuzzy Hash: 47615CB5900248AFDB10DFA8CC81EEE77F8EB09B04F104599FA15A72A2D774AE45DF50
                                                                            APIs
                                                                            • GetCurrentThreadId.KERNEL32 ref: 00B5B151
                                                                            • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00B5A1E1,?,00000001), ref: 00B5B165
                                                                            • GetWindowThreadProcessId.USER32(00000000), ref: 00B5B16C
                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00B5A1E1,?,00000001), ref: 00B5B17B
                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00B5B18D
                                                                            • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00B5A1E1,?,00000001), ref: 00B5B1A6
                                                                            • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00B5A1E1,?,00000001), ref: 00B5B1B8
                                                                            • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00B5A1E1,?,00000001), ref: 00B5B1FD
                                                                            • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00B5A1E1,?,00000001), ref: 00B5B212
                                                                            • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00B5A1E1,?,00000001), ref: 00B5B21D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                            • String ID:
                                                                            • API String ID: 2156557900-0
                                                                            • Opcode ID: 165f5cbbad5a056a3dc4b45bb53ecc9521245be67824a268d50e35f326c8139c
                                                                            • Instruction ID: 26a110f0b87c6c7147c8fe4e523b729a6b75974253e7a1ccb61cd987e7c728b5
                                                                            • Opcode Fuzzy Hash: 165f5cbbad5a056a3dc4b45bb53ecc9521245be67824a268d50e35f326c8139c
                                                                            • Instruction Fuzzy Hash: FB3178B6510604AFDB109F24EC98FA97FE9EB59712F208095FA01D71A0DBB49A44CF70
                                                                            APIs
                                                                            • _free.LIBCMT ref: 00B22C94
                                                                              • Part of subcall function 00B229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000), ref: 00B229DE
                                                                              • Part of subcall function 00B229C8: GetLastError.KERNEL32(00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000,00000000), ref: 00B229F0
                                                                            • _free.LIBCMT ref: 00B22CA0
                                                                            • _free.LIBCMT ref: 00B22CAB
                                                                            • _free.LIBCMT ref: 00B22CB6
                                                                            • _free.LIBCMT ref: 00B22CC1
                                                                            • _free.LIBCMT ref: 00B22CCC
                                                                            • _free.LIBCMT ref: 00B22CD7
                                                                            • _free.LIBCMT ref: 00B22CE2
                                                                            • _free.LIBCMT ref: 00B22CED
                                                                            • _free.LIBCMT ref: 00B22CFB
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                            • String ID:
                                                                            • API String ID: 776569668-0
                                                                            • Opcode ID: d18a30af838a05873e7ff2373f96bc444f7fda70c664fa423f823d32400f1d8f
                                                                            • Instruction ID: a37d93b0c24e98904a1a96ed83e2dba4ae8c2ab6e0e7c59e0723919f15383e0d
                                                                            • Opcode Fuzzy Hash: d18a30af838a05873e7ff2373f96bc444f7fda70c664fa423f823d32400f1d8f
                                                                            • Instruction Fuzzy Hash: 00114676510118BFCB02EF54E942CDD3BA5FF09350F9145A5F94C9B322D631EE909B90
                                                                            APIs
                                                                            • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00B67FAD
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00B67FC1
                                                                            • GetFileAttributesW.KERNEL32(?), ref: 00B67FEB
                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00B68005
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00B68017
                                                                            • SetCurrentDirectoryW.KERNEL32(?), ref: 00B68060
                                                                            • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00B680B0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CurrentDirectory$AttributesFile
                                                                            • String ID: *.*
                                                                            • API String ID: 769691225-438819550
                                                                            • Opcode ID: 827dfff0505c498e33dffecc83edf0def613f750afb53faaa410d84bd07702b6
                                                                            • Instruction ID: c47d9518c0d9eb1f55f659a8a564451b016d6c7102c7bb5a759284e1ac1bb981
                                                                            • Opcode Fuzzy Hash: 827dfff0505c498e33dffecc83edf0def613f750afb53faaa410d84bd07702b6
                                                                            • Instruction Fuzzy Hash: A981A0725483459BCB20EF54C4849AAB3E8FF88314F144D9AF989D7250EB3ADD49CB92
                                                                            APIs
                                                                            • SetWindowLongW.USER32(?,000000EB), ref: 00AF5C7A
                                                                              • Part of subcall function 00AF5D0A: GetClientRect.USER32(?,?), ref: 00AF5D30
                                                                              • Part of subcall function 00AF5D0A: GetWindowRect.USER32(?,?), ref: 00AF5D71
                                                                              • Part of subcall function 00AF5D0A: ScreenToClient.USER32(?,?), ref: 00AF5D99
                                                                            • GetDC.USER32 ref: 00B346F5
                                                                            • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00B34708
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00B34716
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00B3472B
                                                                            • ReleaseDC.USER32(?,00000000), ref: 00B34733
                                                                            • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00B347C4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                            • String ID: U
                                                                            • API String ID: 4009187628-3372436214
                                                                            • Opcode ID: c9061ec5d8b3501e287b7f4a3369710dbef29b552ea5bf841a11065f4b07c2d0
                                                                            • Instruction ID: f9dd83aead0ea44439f8ee51d4df748d603007b34af66fda7c95041e2c1e0eac
                                                                            • Opcode Fuzzy Hash: c9061ec5d8b3501e287b7f4a3369710dbef29b552ea5bf841a11065f4b07c2d0
                                                                            • Instruction Fuzzy Hash: 2771B235500209DFCF218FA4C985ABA7FF5FF4A350F2442A9FA565A166CB31AC41DF60
                                                                            APIs
                                                                            • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00B635E4
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                            • LoadStringW.USER32(00BC2390,?,00000FFF,?), ref: 00B6360A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: LoadString$_wcslen
                                                                            • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                            • API String ID: 4099089115-2391861430
                                                                            • Opcode ID: 893cdb41c554a9f65059c641c8bc0f307f4e6e9b6f3b796d5862f33cb7bea32a
                                                                            • Instruction ID: 2e8e68884d18d7f19737ef243852249b8c799e3072ec464989ed00c621c68312
                                                                            • Opcode Fuzzy Hash: 893cdb41c554a9f65059c641c8bc0f307f4e6e9b6f3b796d5862f33cb7bea32a
                                                                            • Instruction Fuzzy Hash: 52515E72800209BADF15EBE0DD42EFEBBB8EF05740F1441A5F605721A1DB341A99DBA1
                                                                            APIs
                                                                              • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
                                                                              • Part of subcall function 00B0912D: GetCursorPos.USER32(?), ref: 00B09141
                                                                              • Part of subcall function 00B0912D: ScreenToClient.USER32(00000000,?), ref: 00B0915E
                                                                              • Part of subcall function 00B0912D: GetAsyncKeyState.USER32(00000001), ref: 00B09183
                                                                              • Part of subcall function 00B0912D: GetAsyncKeyState.USER32(00000002), ref: 00B0919D
                                                                            • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00B88B6B
                                                                            • ImageList_EndDrag.COMCTL32 ref: 00B88B71
                                                                            • ReleaseCapture.USER32 ref: 00B88B77
                                                                            • SetWindowTextW.USER32(?,00000000), ref: 00B88C12
                                                                            • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00B88C25
                                                                            • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00B88CFF
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                            • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                            • API String ID: 1924731296-2107944366
                                                                            APIs
                                                                            • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00B6C272
                                                                            • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00B6C29A
                                                                            • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00B6C2CA
                                                                            • GetLastError.KERNEL32 ref: 00B6C322
                                                                            • SetEvent.KERNEL32(?), ref: 00B6C336
                                                                            • InternetCloseHandle.WININET(00000000), ref: 00B6C341
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                            • String ID:
                                                                            • API String ID: 3113390036-3916222277
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00B33AAF,?,?,Bad directive syntax error,00B8CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00B598BC
                                                                            • LoadStringW.USER32(00000000,?,00B33AAF,?), ref: 00B598C3
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                            • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00B59987
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: HandleLoadMessageModuleString_wcslen
                                                                            • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                            • API String ID: 858772685-4153970271
                                                                            APIs
                                                                            • GetParent.USER32 ref: 00B520AB
                                                                            • GetClassNameW.USER32(00000000,?,00000100), ref: 00B520C0
                                                                            • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00B5214D
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ClassMessageNameParentSend
                                                                            • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                            • API String ID: 1290815626-3381328864
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                            • String ID:
                                                                            • API String ID: 1282221369-0
                                                                            APIs
                                                                            • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00B46890
                                                                            • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00B468A9
                                                                            • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00B468B9
                                                                            • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00B468D1
                                                                            • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00B468F2
                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00B08874,00000000,00000000,00000000,000000FF,00000000), ref: 00B46901
                                                                            • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00B4691E
                                                                            • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00B08874,00000000,00000000,00000000,000000FF,00000000), ref: 00B4692D
                                                                            Similarity
                                                                            • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                            • String ID:
                                                                            • API String ID: 1268354404-0
                                                                            APIs
                                                                            • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00B6C182
                                                                            • GetLastError.KERNEL32 ref: 00B6C195
                                                                            • SetEvent.KERNEL32(?), ref: 00B6C1A9
                                                                              • Part of subcall function 00B6C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00B6C272
                                                                              • Part of subcall function 00B6C253: GetLastError.KERNEL32 ref: 00B6C322
                                                                              • Part of subcall function 00B6C253: SetEvent.KERNEL32(?), ref: 00B6C336
                                                                              • Part of subcall function 00B6C253: InternetCloseHandle.WININET(00000000), ref: 00B6C341
                                                                            Similarity
                                                                            • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                            • String ID:
                                                                            • API String ID: 337547030-0
                                                                            APIs
                                                                              • Part of subcall function 00B53A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B53A57
                                                                              • Part of subcall function 00B53A3D: GetCurrentThreadId.KERNEL32 ref: 00B53A5E
                                                                              • Part of subcall function 00B53A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00B525B3), ref: 00B53A65
                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00B525BD
                                                                            • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00B525DB
                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00B525DF
                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00B525E9
                                                                            • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00B52601
                                                                            • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00B52605
                                                                            • MapVirtualKeyW.USER32(00000025,00000000), ref: 00B5260F
                                                                            • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00B52623
                                                                            • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00B52627
                                                                            Similarity
                                                                            • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                            • String ID:
                                                                            • API String ID: 2014098862-0
                                                                            APIs
                                                                            • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00B51449,?,?,00000000), ref: 00B5180C
                                                                            • HeapAlloc.KERNEL32(00000000,?,00B51449,?,?,00000000), ref: 00B51813
                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00B51449,?,?,00000000), ref: 00B51828
                                                                            • GetCurrentProcess.KERNEL32(?,00000000,?,00B51449,?,?,00000000), ref: 00B51830
                                                                            • DuplicateHandle.KERNEL32(00000000,?,00B51449,?,?,00000000), ref: 00B51833
                                                                            • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00B51449,?,?,00000000), ref: 00B51843
                                                                            • GetCurrentProcess.KERNEL32(00B51449,00000000,?,00B51449,?,?,00000000), ref: 00B5184B
                                                                            • DuplicateHandle.KERNEL32(00000000,?,00B51449,?,?,00000000), ref: 00B5184E
                                                                            • CreateThread.KERNEL32(00000000,00000000,00B51874,00000000,00000000,00000000), ref: 00B51868
                                                                            Similarity
                                                                            • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                            • String ID:
                                                                            • API String ID: 1957940570-0
                                                                            • Opcode ID: eb502969696b88accfccc315a6a00ead9f09e44c1b1bc81c75609c1a6598ff2f
                                                                            • Instruction ID: 7dfe286bd45031e4e86a13879ad128314be317650cd51e0e2b1d1ba4b633c102
                                                                            • Opcode Fuzzy Hash: eb502969696b88accfccc315a6a00ead9f09e44c1b1bc81c75609c1a6598ff2f
                                                                            • Instruction Fuzzy Hash: 8701BBB5240308BFE710ABA5DC8DF6B3FACEB89B11F104451FA05DB2A1DA719800CB30
                                                                            APIs
                                                                              • Part of subcall function 00B5D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00B5D501
                                                                              • Part of subcall function 00B5D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00B5D50F
                                                                              • Part of subcall function 00B5D4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 00B5D5DC
                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B7A16D
                                                                            • GetLastError.KERNEL32 ref: 00B7A180
                                                                            • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00B7A1B3
                                                                            • TerminateProcess.KERNEL32(00000000,00000000), ref: 00B7A268
                                                                            • GetLastError.KERNEL32(00000000), ref: 00B7A273
                                                                            • CloseHandle.KERNEL32(00000000), ref: 00B7A2C4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                                                            • String ID: SeDebugPrivilege
                                                                            • API String ID: 1701285019-2896544425
                                                                            • Opcode ID: a33a01e77fa1da5e5357d9724e92cef37ebbbd884e15cbd5b299a7362db70752
                                                                            • Instruction ID: 9d215130cd43f745fb05d695b5e9532c35c8b362e770bdbb1daa66e85b33a846
                                                                            • Opcode Fuzzy Hash: a33a01e77fa1da5e5357d9724e92cef37ebbbd884e15cbd5b299a7362db70752
                                                                            • Instruction Fuzzy Hash: A9618E71204242AFD710DF19C494F29BBE1AF84318F54C49CE46A4BBA3C772EC49CB92
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00B83925
                                                                            • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00B8393A
                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00B83954
                                                                            • _wcslen.LIBCMT ref: 00B83999
                                                                            • SendMessageW.USER32(?,00001057,00000000,?), ref: 00B839C6
                                                                            • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00B839F4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Window_wcslen
                                                                            • String ID: SysListView32
                                                                            • API String ID: 2147712094-78025650
                                                                            • Opcode ID: 1c31b5d39ed75d6e7ca4558ab8f508adc2db913d45c6adbf064582cde1e3688d
                                                                            • Instruction ID: 4a9fc5636dafa2ba37aba50ab204e80e670fb7f7b2ba6c8ed72c60c1e9409c9e
                                                                            • Opcode Fuzzy Hash: 1c31b5d39ed75d6e7ca4558ab8f508adc2db913d45c6adbf064582cde1e3688d
                                                                            • Instruction Fuzzy Hash: 2941B471A00218ABDB21AF64CC49FEA7BE9EF08B50F1005A6F545E72A1D771DA80CB90
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B5BCFD
                                                                            • IsMenu.USER32(00000000), ref: 00B5BD1D
                                                                            • CreatePopupMenu.USER32 ref: 00B5BD53
                                                                            • GetMenuItemCount.USER32(01416AE0), ref: 00B5BDA4
                                                                            • InsertMenuItemW.USER32(01416AE0,?,00000001,00000030), ref: 00B5BDCC
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                            • String ID: 0$2
                                                                            • API String ID: 93392585-3793063076
                                                                            • Opcode ID: 2aecd7e1e455e4e3c38121cb6b81359cdb96995dbffeeca7fcc7a9ed42213b53
                                                                            • Instruction ID: f4fa002771a827533b1398480045d9fe25195dcbdd4610dfd1d4277c3bdccaad
                                                                            • Opcode Fuzzy Hash: 2aecd7e1e455e4e3c38121cb6b81359cdb96995dbffeeca7fcc7a9ed42213b53
                                                                            • Instruction Fuzzy Hash: E9518D70A002099BDF10CFA8D885FAEBBF4EF59316F1441E9EC11972D1D7709949CB61
                                                                            APIs
                                                                            • LoadIconW.USER32(00000000,00007F03), ref: 00B5C913
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: IconLoad
                                                                            • String ID: blank$info$question$stop$warning
                                                                            • API String ID: 2457776203-404129466
                                                                            • Opcode ID: db0e279f1d71a1e560868f68799bc7bcb2d5de077db4e2e970e5e674fc9a6e3b
                                                                            • Instruction ID: 94c694f2146885f0d2135a713420b1451e341fb02b5c657dd6b65017df36028e
                                                                            • Opcode Fuzzy Hash: db0e279f1d71a1e560868f68799bc7bcb2d5de077db4e2e970e5e674fc9a6e3b
                                                                            • Instruction Fuzzy Hash: 8E113A32689306BFE7029B159C83EFE6BDCDF15716B6000FAFD00A62D2EBB45E445264
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                            • String ID: 0.0.0.0
                                                                            • API String ID: 642191829-3771769585
                                                                            • Opcode ID: 3c71552539194ec1eb7dd1f88963ff4a814a0b4a4f72f37b29779545f8aa4e8a
                                                                            • Instruction ID: 1cfd924d2e1487877e7de3557ccffc70888fdc4125f3b30a7afb436297bbfc1c
                                                                            • Opcode Fuzzy Hash: 3c71552539194ec1eb7dd1f88963ff4a814a0b4a4f72f37b29779545f8aa4e8a
                                                                            • Instruction Fuzzy Hash: 5511B771904119AFDB34AB609C4AFEE7BECDB15712F1002E9F945A70A1EF718E85CB60
                                                                            APIs
                                                                              • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
                                                                            • GetSystemMetrics.USER32(0000000F), ref: 00B89FC7
                                                                            • GetSystemMetrics.USER32(0000000F), ref: 00B89FE7
                                                                            • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00B8A224
                                                                            • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00B8A242
                                                                            • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00B8A263
                                                                            • ShowWindow.USER32(00000003,00000000), ref: 00B8A282
                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00B8A2A7
                                                                            • DefDlgProcW.USER32(?,00000005,?,?), ref: 00B8A2CA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                            • String ID:
                                                                            • API String ID: 1211466189-0
                                                                            • Opcode ID: 1f67ecf8e8bfda8bc529b4fec3d50e246b4bad04f1d8892d44fad8803d31f0fb
                                                                            • Instruction ID: eb13e575e309f1f57f2880d20661bcd0e69d6ea25ce41ad3dc46b08c15c74de5
                                                                            • Opcode Fuzzy Hash: 1f67ecf8e8bfda8bc529b4fec3d50e246b4bad04f1d8892d44fad8803d31f0fb
                                                                            • Instruction Fuzzy Hash: CEB18E71600215DFEF24DF68C9857AE7BF2FF45711F0880AAEC45AB2A5DB31A940CB51
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen$LocalTime
                                                                            • String ID:
                                                                            • API String ID: 952045576-0
                                                                            • Opcode ID: 7b236c234acc88c75e4b5810f09a9a7db5fd0104cad528f47f0829454687d2be
                                                                            • Instruction ID: 01db02a131e5d56f2f80aa6d9d4a273d951b51b1dbf0ec3c5ce9d050267edc2f
                                                                            • Opcode Fuzzy Hash: 7b236c234acc88c75e4b5810f09a9a7db5fd0104cad528f47f0829454687d2be
                                                                            • Instruction Fuzzy Hash: 3F418365C1011875CB51EBB4C88AACFB7E8AF45710F9084E6E924E3162FB34D799C3E5
                                                                            APIs
                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00B4682C,00000004,00000000,00000000), ref: 00B0F953
                                                                            • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00B4682C,00000004,00000000,00000000), ref: 00B4F3D1
                                                                            • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00B4682C,00000004,00000000,00000000), ref: 00B4F454
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ShowWindow
                                                                            • String ID:
                                                                            • API String ID: 1268545403-0
                                                                            • Opcode ID: 1da9d23b12cc8f1bb28de45aa5fc30f3d206ce4658b85dd0151dd8e49d9a9e5e
                                                                            • Instruction ID: b5c22d8d892a84249a6bb3181c2a7cbdff5f59756cda2384c17a7c280a968074
                                                                            • Opcode Fuzzy Hash: 1da9d23b12cc8f1bb28de45aa5fc30f3d206ce4658b85dd0151dd8e49d9a9e5e
                                                                            • Instruction Fuzzy Hash: 0041F531708682BEC7388B289888B7A7FD2EB96310F1444BDE08753EB1CA31E981D711
                                                                            APIs
                                                                            • DeleteObject.GDI32(00000000), ref: 00B82D1B
                                                                            • GetDC.USER32(00000000), ref: 00B82D23
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B82D2E
                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00B82D3A
                                                                            • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00B82D76
                                                                            • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00B82D87
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00B85A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00B82DC2
                                                                            • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00B82DE1
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                            • String ID:
                                                                            • API String ID: 3864802216-0
                                                                            • Opcode ID: f262ec9639f4d5a5a3dee2ac0508efe29cf1cd6ff5b58ed3c7740c19053ff609
                                                                            • Instruction ID: 6c08cc8abf388f62865216b3c166713576dbf1dd15b2a37c00702ffa19091d53
                                                                            • Opcode Fuzzy Hash: f262ec9639f4d5a5a3dee2ac0508efe29cf1cd6ff5b58ed3c7740c19053ff609
                                                                            • Instruction Fuzzy Hash: B8318BB6201214BBEB119F508C8AFEB3FA9EF09755F044065FE089B2A1DA759C40CBB0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _memcmp
                                                                            • String ID:
                                                                            • API String ID: 2931989736-0
                                                                            • Opcode ID: e53456406919e0ce9039ed4e48db7abb0290c4b4f4bfa5e16c4488e37e64c68a
                                                                            • Instruction ID: 272f65c5c7edfe7d34751067f9a718696ea3d8f0b89c5b5940e51c62b2291375
                                                                            • Opcode Fuzzy Hash: e53456406919e0ce9039ed4e48db7abb0290c4b4f4bfa5e16c4488e37e64c68a
                                                                            • Instruction Fuzzy Hash: BA21DA61641909B7D6246D159DE2FFA33DCEF14387F9400E0FE045A555F720EE18C6A9
                                                                            Strings
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: NULL Pointer assignment$Not an Object type
                                                                            • API String ID: 0-572801152
                                                                            • Opcode ID: 313e9f235e689d3cfba053e0a73f3c7f02e38df63744afab494aa0ed5cba397f
                                                                            • Instruction ID: 4bd7c27414ee8e171d4053fd26dbc34d62963974c99f7b3bf163c6124eee4dd7
                                                                            • Opcode Fuzzy Hash: 313e9f235e689d3cfba053e0a73f3c7f02e38df63744afab494aa0ed5cba397f
                                                                            • Instruction Fuzzy Hash: A8D18071A0060A9FDB20CF58C881BAEB7F5FF48344F15C4A9E929AB291D7B0DD45CB60
                                                                            APIs
                                                                            • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00B317FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00B315CE
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00B317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00B31651
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00B317FB,?,00B317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00B316E4
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00B317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00B316FB
                                                                              • Part of subcall function 00B23820: RtlAllocateHeap.NTDLL(00000000,?,00BC1444,?,00B0FDF5,?,?,00AFA976,00000010,00BC1440,00AF13FC,?,00AF13C6,?,00AF1129), ref: 00B23852
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00B317FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00B31777
                                                                            • __freea.LIBCMT ref: 00B317A2
                                                                            • __freea.LIBCMT ref: 00B317AE
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                            • String ID:
                                                                            • API String ID: 2829977744-0
                                                                            • Opcode ID: 2f0cdd8105bb95d9fea6af5eccd456f15248eef70f5f93c92582623b09c79d3b
                                                                            • Instruction ID: 990382ee46cecf8badf2b3b9d3500beae4551cd97024a50ba9f826eee9abe997
                                                                            • Opcode Fuzzy Hash: 2f0cdd8105bb95d9fea6af5eccd456f15248eef70f5f93c92582623b09c79d3b
                                                                            • Instruction Fuzzy Hash: 3991A3B1E102169ADF209FA8CC81AEE7BF9DF59710F294A99E805E7251DB35DC40CB60
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Variant$ClearInit
                                                                            • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                            • API String ID: 2610073882-625585964
                                                                            • Opcode ID: ff7bba2bacbf98817620705cba596786bd2ede5804fafc8f22f013a5cca88c5e
                                                                            • Instruction ID: bd0b375f418da32b95b7e12d4b5622faf46de03f98b78c0201e23c88f68c45c1
                                                                            • Opcode Fuzzy Hash: ff7bba2bacbf98817620705cba596786bd2ede5804fafc8f22f013a5cca88c5e
                                                                            • Instruction Fuzzy Hash: E4918171A00219ABDF24CFA5D884FAEBBF8EF45711F10C599F529AB290D7709941CFA0
                                                                            APIs
                                                                            • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00B6125C
                                                                            • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00B61284
                                                                            • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00B612A8
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00B612D8
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00B6135F
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00B613C4
                                                                            • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00B61430
                                                                            Similarity
                                                                            • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                            • String ID:
                                                                            • API String ID: 2550207440-0
                                                                            • Opcode ID: 3a7b81506a1266d9f04ac3e5598493a8edb7e61b4ae93bd671b0c4524d6728a7
                                                                            • Instruction ID: a69215802516a55eb9ba7ea0069481d1b3a22e27e2a754eae23881bddcac4e95
                                                                            • Opcode Fuzzy Hash: 3a7b81506a1266d9f04ac3e5598493a8edb7e61b4ae93bd671b0c4524d6728a7
                                                                            • Instruction Fuzzy Hash: 8B91C171A00209AFDB00DFA8D895BBEB7F5FF45314F1888A9E501E7391DB78A941CB90
                                                                            Similarity
                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                            • String ID:
                                                                            • API String ID: 3225163088-0
                                                                            • Opcode ID: 836fb6feb32647cb0a2ec0e8502bd3a8242358ff1d3a976d75e945119f0fd454
                                                                            • Instruction ID: ce8ddb155f3fa05dd57552025dec453a83309db43dbf499812ce2f2d672a0eca
                                                                            • Opcode Fuzzy Hash: 836fb6feb32647cb0a2ec0e8502bd3a8242358ff1d3a976d75e945119f0fd454
                                                                            • Instruction Fuzzy Hash: 70911571940219EFCB10CFA9CC84AEEBFB8FF49320F148595E515B7292D774AA42DB60
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(?), ref: 00B7396B
                                                                            • CharUpperBuffW.USER32(?,?), ref: 00B73A7A
                                                                            • _wcslen.LIBCMT ref: 00B73A8A
                                                                            • VariantClear.OLEAUT32(?), ref: 00B73C1F
                                                                              • Part of subcall function 00B60CDF: VariantInit.OLEAUT32(00000000), ref: 00B60D1F
                                                                              • Part of subcall function 00B60CDF: VariantCopy.OLEAUT32(?,?), ref: 00B60D28
                                                                              • Part of subcall function 00B60CDF: VariantClear.OLEAUT32(?), ref: 00B60D34
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                            • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                            • API String ID: 4137639002-1221869570
                                                                            • Opcode ID: 9c184e05cc0c2ee32c6fc09c56492b617e2aebc5fad93b26279a88c7f4e518fa
                                                                            • Instruction ID: 1c64be44a11bfe9c202488cf317c17f02e11db7546f54492e7508a401ea4ea35
                                                                            • Opcode Fuzzy Hash: 9c184e05cc0c2ee32c6fc09c56492b617e2aebc5fad93b26279a88c7f4e518fa
                                                                            • Instruction Fuzzy Hash: 489188756083059FC700EF64C58196ABBE4FF88714F1488AEF89A9B351DB30EE45DB92
                                                                            APIs
                                                                              • Part of subcall function 00B5000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?,?,?,00B5035E), ref: 00B5002B
                                                                              • Part of subcall function 00B5000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?,?), ref: 00B50046
                                                                              • Part of subcall function 00B5000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?,?), ref: 00B50054
                                                                              • Part of subcall function 00B5000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?), ref: 00B50064
                                                                            • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00B74C51
                                                                            • _wcslen.LIBCMT ref: 00B74D59
                                                                            • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00B74DCF
                                                                            • CoTaskMemFree.OLE32(?), ref: 00B74DDA
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                            • String ID: NULL Pointer assignment
                                                                            • API String ID: 614568839-2785691316
                                                                            • Opcode ID: 8746c8d5e9300036eb013c936aeb798429fb14923c1bfd8400f1700642506e43
                                                                            • Instruction ID: f16b3239dda8bad7eb387af4c4bcaf8b8adb71e63507b72efc924aa0aeebd645
                                                                            • Opcode Fuzzy Hash: 8746c8d5e9300036eb013c936aeb798429fb14923c1bfd8400f1700642506e43
                                                                            • Instruction Fuzzy Hash: 6091F571D0021DAFDF15DFA4D891AEEB7B9FF08310F1085A9E929A7251DB709A44CFA0
                                                                            APIs
                                                                            • GetMenu.USER32(?), ref: 00B82183
                                                                            • GetMenuItemCount.USER32(00000000), ref: 00B821B5
                                                                            • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00B821DD
                                                                            • _wcslen.LIBCMT ref: 00B82213
                                                                            • GetMenuItemID.USER32(?,?), ref: 00B8224D
                                                                            • GetSubMenu.USER32(?,?), ref: 00B8225B
                                                                              • Part of subcall function 00B53A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B53A57
                                                                              • Part of subcall function 00B53A3D: GetCurrentThreadId.KERNEL32 ref: 00B53A5E
                                                                              • Part of subcall function 00B53A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00B525B3), ref: 00B53A65
                                                                            • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00B822E3
                                                                              • Part of subcall function 00B5E97B: Sleep.KERNEL32 ref: 00B5E9F3
                                                                            Similarity
                                                                            • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                            • String ID:
                                                                            • API String ID: 4196846111-0
                                                                            • Opcode ID: 27b5652c540c049e1adcbfe844057df0eac889ae9a51da9028598ab72036f9ca
                                                                            • Instruction ID: 04d95efcbf8db76cf882e559f6601bce64c23342c56aee8e6bc25e826c59b0db
                                                                            • Opcode Fuzzy Hash: 27b5652c540c049e1adcbfe844057df0eac889ae9a51da9028598ab72036f9ca
                                                                            • Instruction Fuzzy Hash: E3715275E00205AFCB14EFA5C985AAEBBF5EF48310F148499E916EB361DB34ED41CB90
                                                                            APIs
                                                                            • IsWindow.USER32(01416BA8), ref: 00B87F37
                                                                            • IsWindowEnabled.USER32(01416BA8), ref: 00B87F43
                                                                            • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00B8801E
                                                                            • SendMessageW.USER32(01416BA8,000000B0,?,?), ref: 00B88051
                                                                            • IsDlgButtonChecked.USER32(?,?), ref: 00B88089
                                                                            • GetWindowLongW.USER32(01416BA8,000000EC), ref: 00B880AB
                                                                            • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00B880C3
                                                                            Similarity
                                                                            • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                            • String ID:
                                                                            • API String ID: 4072528602-0
                                                                            • Opcode ID: f92631b14df7aabb4604b197e26fb1622438ec1d54fb9b720e879b3d22089787
                                                                            • Instruction ID: 7f38cfabb24bd4b334c7c9f9104b93694ea66a46a50893bc17527a4bb377e353
                                                                            • Opcode Fuzzy Hash: f92631b14df7aabb4604b197e26fb1622438ec1d54fb9b720e879b3d22089787
                                                                            • Instruction Fuzzy Hash: EA71AD74648244AFEB21AF65C884FAA7BF5EF0A304F244499FA45972B1CF31EC45DB60
                                                                            APIs
                                                                            • GetParent.USER32(?), ref: 00B5AEF9
                                                                            • GetKeyboardState.USER32(?), ref: 00B5AF0E
                                                                            • SetKeyboardState.USER32(?), ref: 00B5AF6F
                                                                            • PostMessageW.USER32(?,00000101,00000010,?), ref: 00B5AF9D
                                                                            • PostMessageW.USER32(?,00000101,00000011,?), ref: 00B5AFBC
                                                                            • PostMessageW.USER32(?,00000101,00000012,?), ref: 00B5AFFD
                                                                            • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00B5B020
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                            • String ID:
                                                                            • API String ID: 87235514-0
                                                                            • Opcode ID: f80454ccaba38ac4912d1293929c92801f1967054aef7003e6c9f34684909801
                                                                            • Instruction ID: 990444fc14ffe13fe33a9b841fb4d95845ba6d4396866f80553e8553e9fa3340
                                                                            • Opcode Fuzzy Hash: f80454ccaba38ac4912d1293929c92801f1967054aef7003e6c9f34684909801
                                                                            • Instruction Fuzzy Hash: 4151E4A06047D53DFB3642348C45BBABEE99B06305F0885C9E9D9968C2D3D9ACCCD761
                                                                            APIs
                                                                            • GetParent.USER32(00000000), ref: 00B5AD19
                                                                            • GetKeyboardState.USER32(?), ref: 00B5AD2E
                                                                            • SetKeyboardState.USER32(?), ref: 00B5AD8F
                                                                            • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00B5ADBB
                                                                            • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00B5ADD8
                                                                            • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00B5AE17
                                                                            • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00B5AE38
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessagePost$KeyboardState$Parent
                                                                            • String ID:
                                                                            • API String ID: 87235514-0
                                                                            • Opcode ID: f1a45399576c1ee30ebb590b2cf756bef382b90f818165f9ff49acaca2ee7fcd
                                                                            • Instruction ID: 6b91f2e32e30d7cc096890023214308d3c9d03995a15faa9acdff41c00e26da1
                                                                            • Opcode Fuzzy Hash: f1a45399576c1ee30ebb590b2cf756bef382b90f818165f9ff49acaca2ee7fcd
                                                                            • Instruction Fuzzy Hash: 7C5109A15047D53DFB3353348C46B7ABEE8AB05302F1886D8E5D5668C2D794EC8CD762
                                                                            APIs
                                                                            • GetConsoleCP.KERNEL32(00B33CD6,?,?,?,?,?,?,?,?,00B25BA3,?,?,00B33CD6,?,?), ref: 00B25470
                                                                            • __fassign.LIBCMT ref: 00B254EB
                                                                            • __fassign.LIBCMT ref: 00B25506
                                                                            • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00B33CD6,00000005,00000000,00000000), ref: 00B2552C
                                                                            • WriteFile.KERNEL32(?,00B33CD6,00000000,00B25BA3,00000000,?,?,?,?,?,?,?,?,?,00B25BA3,?), ref: 00B2554B
                                                                            • WriteFile.KERNEL32(?,?,00000001,00B25BA3,00000000,?,?,?,?,?,?,?,?,?,00B25BA3,?), ref: 00B25584
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                            • String ID:
                                                                            • API String ID: 1324828854-0
                                                                            • Opcode ID: 2301590b81e400463752cedd66f49a58f8d9b50fe54ab5595e3a68ab7ef329b6
                                                                            • Instruction ID: f3f88f68d1ccca39321a102cf573b49eb433c842342179325b2f17f16afbd170
                                                                            • Opcode Fuzzy Hash: 2301590b81e400463752cedd66f49a58f8d9b50fe54ab5595e3a68ab7ef329b6
                                                                            • Instruction Fuzzy Hash: DF51E6B09006189FDB20DFA8E885BEEBBF9EF19300F14415AF559E7291D730DA41CB60
                                                                            APIs
                                                                            • _ValidateLocalCookies.LIBCMT ref: 00B12D4B
                                                                            • ___except_validate_context_record.LIBVCRUNTIME ref: 00B12D53
                                                                            • _ValidateLocalCookies.LIBCMT ref: 00B12DE1
                                                                            • __IsNonwritableInCurrentImage.LIBCMT ref: 00B12E0C
                                                                            • _ValidateLocalCookies.LIBCMT ref: 00B12E61
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                            • String ID: csm
                                                                            • API String ID: 1170836740-1018135373
                                                                            • Opcode ID: 434fb371e055ab91b27d2bceba9fba8e4ebd47ad8021ddc23ef73f8e1dc08c08
                                                                            • Instruction ID: 01fc0e97f50fc995d68bfa992814e9354876639b10bd7e12b56305b7ad330d61
                                                                            • Opcode Fuzzy Hash: 434fb371e055ab91b27d2bceba9fba8e4ebd47ad8021ddc23ef73f8e1dc08c08
                                                                            • Instruction Fuzzy Hash: 6A419534A002099BCF10DF68D845ADEBBF5FF45324F9481E5E914AB392D7319AA5CBD0
                                                                            APIs
                                                                              • Part of subcall function 00B7304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B7307A
                                                                              • Part of subcall function 00B7304E: _wcslen.LIBCMT ref: 00B7309B
                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00B71112
                                                                            • WSAGetLastError.WSOCK32 ref: 00B71121
                                                                            • WSAGetLastError.WSOCK32 ref: 00B711C9
                                                                            • closesocket.WSOCK32(00000000), ref: 00B711F9
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                            • String ID:
                                                                            • API String ID: 2675159561-0
                                                                            • Opcode ID: b223c3840e6fb63723463614548b59e2fe2b8b9480cf978783e4d4563ba60486
                                                                            • Instruction ID: 7d922f48b399f5e09df0a6ebd62fc5328396b038e1d9a88e7e67db852d5dc109
                                                                            • Opcode Fuzzy Hash: b223c3840e6fb63723463614548b59e2fe2b8b9480cf978783e4d4563ba60486
                                                                            • Instruction Fuzzy Hash: 0041F671600208AFDB109F5CC885BA9BBE9EF45724F54C499FD29AF291CB70AD41CBB1
                                                                            APIs
                                                                              • Part of subcall function 00B5DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00B5CF22,?), ref: 00B5DDFD
                                                                              • Part of subcall function 00B5DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00B5CF22,?), ref: 00B5DE16
                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 00B5CF45
                                                                            • MoveFileW.KERNEL32(?,?), ref: 00B5CF7F
                                                                            • _wcslen.LIBCMT ref: 00B5D005
                                                                            • _wcslen.LIBCMT ref: 00B5D01B
                                                                            • SHFileOperationW.SHELL32(?), ref: 00B5D061
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                            • String ID: \*.*
                                                                            • API String ID: 3164238972-1173974218
                                                                            • Opcode ID: fd29094decdda8ef5168426bac1f61f977105920eee77524be75e74afeb34908
                                                                            • Instruction ID: 71853270ed2033c8a060b8582754395176a34a4d43d469ae5d9e44ff4eeeb3c5
                                                                            • Opcode Fuzzy Hash: fd29094decdda8ef5168426bac1f61f977105920eee77524be75e74afeb34908
                                                                            • Instruction Fuzzy Hash: 774112719452195FDF12EBA4D981BDEB7F9EF08381F1000E6A509EB151EA34A78DCB50
                                                                            APIs
                                                                            • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00B82E1C
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00B82E4F
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00B82E84
                                                                            • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00B82EB6
                                                                            • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00B82EE0
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00B82EF1
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B82F0B
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: LongWindow$MessageSend
                                                                            • String ID:
                                                                            • API String ID: 2178440468-0
                                                                            • Opcode ID: 9b9e81fd69b486a7de7b0eda2741c2d78eff7661413cc7267e95166da1284556
                                                                            • Instruction ID: 6d2d5816f16756799fba3bc82c41e49f52bca93c44c78a7da69409ef6da7fd2a
                                                                            • Opcode Fuzzy Hash: 9b9e81fd69b486a7de7b0eda2741c2d78eff7661413cc7267e95166da1284556
                                                                            • Instruction Fuzzy Hash: A3311230604250AFEB21EF58DC85FA53BE1FB9A712F1501A5FA019F2B2CBB1AC41DB55
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B57769
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B5778F
                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00B57792
                                                                            • SysAllocString.OLEAUT32(?), ref: 00B577B0
                                                                            • SysFreeString.OLEAUT32(?), ref: 00B577B9
                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 00B577DE
                                                                            • SysAllocString.OLEAUT32(?), ref: 00B577EC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                            • String ID:
                                                                            • API String ID: 3761583154-0
                                                                            • Opcode ID: 1a394c1c2234f7e2c3590860db626324bcf724418fd1bd90e715b0fda16bfcbc
                                                                            • Instruction ID: 88018cf577ec4e5ebbf603046bebdeaded509a0f7c4fcdbbeecd41cdf092389e
                                                                            • Opcode Fuzzy Hash: 1a394c1c2234f7e2c3590860db626324bcf724418fd1bd90e715b0fda16bfcbc
                                                                            • Instruction Fuzzy Hash: 9121A376704219AFDB10EFA8EC88DBB77ECEB09364B0480A5BD04DB2A0DA70DC45C760
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B57842
                                                                            • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00B57868
                                                                            • SysAllocString.OLEAUT32(00000000), ref: 00B5786B
                                                                            • SysAllocString.OLEAUT32 ref: 00B5788C
                                                                            • SysFreeString.OLEAUT32 ref: 00B57895
                                                                            • StringFromGUID2.OLE32(?,?,00000028), ref: 00B578AF
                                                                            • SysAllocString.OLEAUT32(?), ref: 00B578BD
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                            • String ID:
                                                                            • API String ID: 3761583154-0
                                                                            APIs
                                                                            • GetStdHandle.KERNEL32(0000000C), ref: 00B604F2
                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00B6052E
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CreateHandlePipe
                                                                            • String ID: nul
                                                                            • API String ID: 1424370930-2873401336
                                                                            APIs
                                                                            • GetStdHandle.KERNEL32(000000F6), ref: 00B605C6
                                                                            • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00B60601
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CreateHandlePipe
                                                                            • String ID: nul
                                                                            • API String ID: 1424370930-2873401336
                                                                            APIs
                                                                              • Part of subcall function 00AF600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00AF604C
                                                                              • Part of subcall function 00AF600E: GetStockObject.GDI32(00000011), ref: 00AF6060
                                                                              • Part of subcall function 00AF600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00AF606A
                                                                            • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00B84112
                                                                            • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00B8411F
                                                                            • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00B8412A
                                                                            • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00B84139
                                                                            • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00B84145
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$CreateObjectStockWindow
                                                                            • String ID: Msctls_Progress32
                                                                            • API String ID: 1025951953-3636473452
                                                                            APIs
                                                                              • Part of subcall function 00B2D7A3: _free.LIBCMT ref: 00B2D7CC
                                                                            • _free.LIBCMT ref: 00B2D82D
                                                                              • Part of subcall function 00B229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000), ref: 00B229DE
                                                                              • Part of subcall function 00B229C8: GetLastError.KERNEL32(00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000,00000000), ref: 00B229F0
                                                                            • _free.LIBCMT ref: 00B2D838
                                                                            • _free.LIBCMT ref: 00B2D843
                                                                            • _free.LIBCMT ref: 00B2D897
                                                                            • _free.LIBCMT ref: 00B2D8A2
                                                                            • _free.LIBCMT ref: 00B2D8AD
                                                                            • _free.LIBCMT ref: 00B2D8B8
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                            • String ID:
                                                                            • API String ID: 776569668-0
                                                                            APIs
                                                                            • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00B5DA74
                                                                            • LoadStringW.USER32(00000000), ref: 00B5DA7B
                                                                            • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00B5DA91
                                                                            • LoadStringW.USER32(00000000), ref: 00B5DA98
                                                                            • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00B5DADC
                                                                            Strings
                                                                            • %s (%d) : ==> %s: %s %s, xrefs: 00B5DAB9
                                                                            Similarity
                                                                            • API ID: HandleLoadModuleString$Message
                                                                            • String ID: %s (%d) : ==> %s: %s %s
                                                                            • API String ID: 4072794657-3128320259
                                                                            APIs
                                                                            • InterlockedExchange.KERNEL32(0140E9A0,0140E9A0), ref: 00B6097B
                                                                            • EnterCriticalSection.KERNEL32(0140E980,00000000), ref: 00B6098D
                                                                            • TerminateThread.KERNEL32(?,000001F6), ref: 00B6099B
                                                                            • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00B609A9
                                                                            • CloseHandle.KERNEL32(?), ref: 00B609B8
                                                                            • InterlockedExchange.KERNEL32(0140E9A0,000001F6), ref: 00B609C8
                                                                            • LeaveCriticalSection.KERNEL32(0140E980), ref: 00B609CF
                                                                            Similarity
                                                                            • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                            • String ID:
                                                                            • API String ID: 3495660284-0
                                                                            APIs
                                                                            • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00B71DC0
                                                                            • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00B71DE1
                                                                            • WSAGetLastError.WSOCK32 ref: 00B71DF2
                                                                            • htons.WSOCK32(?,?,?,?,?), ref: 00B71EDB
                                                                            • inet_ntoa.WSOCK32(?), ref: 00B71E8C
                                                                              • Part of subcall function 00B539E8: _strlen.LIBCMT ref: 00B539F2
                                                                              • Part of subcall function 00B73224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00B6EC0C), ref: 00B73240
                                                                            • _strlen.LIBCMT ref: 00B71F35
                                                                            Similarity
                                                                            • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                            • String ID:
                                                                            • API String ID: 3203458085-0
                                                                            APIs
                                                                            • GetClientRect.USER32(?,?), ref: 00AF5D30
                                                                            • GetWindowRect.USER32(?,?), ref: 00AF5D71
                                                                            • ScreenToClient.USER32(?,?), ref: 00AF5D99
                                                                            • GetClientRect.USER32(?,?), ref: 00AF5ED7
                                                                            • GetWindowRect.USER32(?,?), ref: 00AF5EF8
                                                                            Similarity
                                                                            • API ID: Rect$Client$Window$Screen
                                                                            • String ID:
                                                                            • API String ID: 1296646539-0
                                                                            APIs
                                                                            • __allrem.LIBCMT ref: 00B200BA
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B200D6
                                                                            • __allrem.LIBCMT ref: 00B200ED
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B2010B
                                                                            • __allrem.LIBCMT ref: 00B20122
                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B20140
                                                                            Similarity
                                                                            • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                            • String ID:
                                                                            • API String ID: 1992179935-0
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00B182D9,00B182D9,?,?,?,00B2644F,00000001,00000001,8BE85006), ref: 00B26258
                                                                            • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00B2644F,00000001,00000001,8BE85006,?,?,?), ref: 00B262DE
                                                                            • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00B263D8
                                                                            • __freea.LIBCMT ref: 00B263E5
                                                                              • Part of subcall function 00B23820: RtlAllocateHeap.NTDLL(00000000,?,00BC1444,?,00B0FDF5,?,?,00AFA976,00000010,00BC1440,00AF13FC,?,00AF13C6,?,00AF1129), ref: 00B23852
                                                                            • __freea.LIBCMT ref: 00B263EE
                                                                            • __freea.LIBCMT ref: 00B26413
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                            • String ID:
                                                                            • API String ID: 1414292761-0
                                                                            APIs
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                              • Part of subcall function 00B7C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B7B6AE,?,?), ref: 00B7C9B5
                                                                              • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7C9F1
                                                                              • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7CA68
                                                                              • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7CA9E
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B7BCCA
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B7BD25
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00B7BD6A
                                                                            • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00B7BD99
                                                                            • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00B7BDF3
                                                                            • RegCloseKey.ADVAPI32(?), ref: 00B7BDFF
                                                                            Similarity
                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                            • String ID:
                                                                            • API String ID: 1120388591-0
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(00000035), ref: 00B4F7B9
                                                                            • SysAllocString.OLEAUT32(00000001), ref: 00B4F860
                                                                            • VariantCopy.OLEAUT32(00B4FA64,00000000), ref: 00B4F889
                                                                            • VariantClear.OLEAUT32(00B4FA64), ref: 00B4F8AD
                                                                            • VariantCopy.OLEAUT32(00B4FA64,00000000), ref: 00B4F8B1
                                                                            • VariantClear.OLEAUT32(?), ref: 00B4F8BB
                                                                            Similarity
                                                                            • API ID: Variant$ClearCopy$AllocInitString
                                                                            • String ID:
                                                                            • API String ID: 3859894641-0
                                                                            APIs
                                                                              • Part of subcall function 00AF7620: _wcslen.LIBCMT ref: 00AF7625
                                                                              • Part of subcall function 00AF6B57: _wcslen.LIBCMT ref: 00AF6B6A
                                                                            • GetOpenFileNameW.COMDLG32(00000058), ref: 00B694E5
                                                                            • _wcslen.LIBCMT ref: 00B69506
                                                                            • _wcslen.LIBCMT ref: 00B6952D
                                                                            • GetSaveFileNameW.COMDLG32(00000058), ref: 00B69585
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$FileName$OpenSave
                                                                            • String ID: X
                                                                            • API String ID: 83654149-3081909835
                                                                            APIs
                                                                              • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
                                                                            • BeginPaint.USER32(?,?,?), ref: 00B09241
                                                                            • GetWindowRect.USER32(?,?), ref: 00B092A5
                                                                            • ScreenToClient.USER32(?,?), ref: 00B092C2
                                                                            • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00B092D3
                                                                            • EndPaint.USER32(?,?,?,?,?), ref: 00B09321
                                                                            • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00B471EA
                                                                              • Part of subcall function 00B09339: BeginPath.GDI32(00000000), ref: 00B09357
                                                                            Similarity
                                                                            • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                            • String ID:
                                                                            • API String ID: 3050599898-0
                                                                            APIs
                                                                            • InterlockedExchange.KERNEL32(?,000001F5), ref: 00B6080C
                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00B60847
                                                                            • EnterCriticalSection.KERNEL32(?), ref: 00B60863
                                                                            • LeaveCriticalSection.KERNEL32(?), ref: 00B608DC
                                                                            • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00B608F3
                                                                            • InterlockedExchange.KERNEL32(?,000001F6), ref: 00B60921
                                                                            Similarity
                                                                            • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                            • String ID:
                                                                            • API String ID: 3368777196-0
                                                                            APIs
                                                                            • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00B4F3AB,00000000,?,?,00000000,?,00B4682C,00000004,00000000,00000000), ref: 00B8824C
                                                                            • EnableWindow.USER32(?,00000000), ref: 00B88272
                                                                            • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00B882D1
                                                                            • ShowWindow.USER32(?,00000004), ref: 00B882E5
                                                                            • EnableWindow.USER32(?,00000001), ref: 00B8830B
                                                                            • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00B8832F
                                                                            Similarity
                                                                            • API ID: Window$Show$Enable$MessageSend
                                                                            • String ID:
                                                                            • API String ID: 642888154-0
                                                                            APIs
                                                                            • IsWindowVisible.USER32(?), ref: 00B54C95
                                                                            • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00B54CB2
                                                                            • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00B54CEA
                                                                            • _wcslen.LIBCMT ref: 00B54D08
                                                                            • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00B54D10
                                                                            • _wcsstr.LIBVCRUNTIME ref: 00B54D1A
                                                                            Similarity
                                                                            • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                            • String ID:
                                                                            • API String ID: 72514467-0
                                                                            APIs
                                                                              • Part of subcall function 00AF3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00AF3A97,?,?,00AF2E7F,?,?,?,00000000), ref: 00AF3AC2
                                                                            • _wcslen.LIBCMT ref: 00B6587B
                                                                            • CoInitialize.OLE32(00000000), ref: 00B65995
                                                                            • CoCreateInstance.OLE32(00B8FCF8,00000000,00000001,00B8FB68,?), ref: 00B659AE
                                                                            • CoUninitialize.OLE32 ref: 00B659CC
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                            • String ID: .lnk
                                                                            • API String ID: 3172280962-24824748
                                                                            • Opcode ID: f82e678307cc8fb82ed5999bd81eb3bc4c7af709129c69b2c3b122331f627277
                                                                            • Instruction ID: 21b9502969459b8e38cbb358a533f131347d3e6836ffaad7f37f9457c8dd691a
                                                                            • Opcode Fuzzy Hash: f82e678307cc8fb82ed5999bd81eb3bc4c7af709129c69b2c3b122331f627277
                                                                            • Instruction Fuzzy Hash: 24D172716087059FC724DF64C580A2EBBE1EF89710F14889DF88A9B3A1DB35EC45CB92
                                                                            APIs
                                                                              • Part of subcall function 00B50FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00B50FCA
                                                                              • Part of subcall function 00B50FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00B50FD6
                                                                              • Part of subcall function 00B50FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00B50FE5
                                                                              • Part of subcall function 00B50FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00B50FEC
                                                                              • Part of subcall function 00B50FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00B51002
                                                                            • GetLengthSid.ADVAPI32(?,00000000,00B51335), ref: 00B517AE
                                                                            • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00B517BA
                                                                            • HeapAlloc.KERNEL32(00000000), ref: 00B517C1
                                                                            • CopySid.ADVAPI32(00000000,00000000,?), ref: 00B517DA
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000,00B51335), ref: 00B517EE
                                                                            • HeapFree.KERNEL32(00000000), ref: 00B517F5
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                            • String ID:
                                                                            • API String ID: 3008561057-0
                                                                            • Opcode ID: 8ec6de428256fbc7c6ac3d2da7e8f0efca83f8afcf954e7e690eaa7b5927c179
                                                                            • Instruction ID: 4492430f28cfb62f914fc5f56b9777cb73a723139a0bafc09f24e40a0f29a475
                                                                            • Opcode Fuzzy Hash: 8ec6de428256fbc7c6ac3d2da7e8f0efca83f8afcf954e7e690eaa7b5927c179
                                                                            • Instruction Fuzzy Hash: FC11B1B1500205FFDB10DFACCC89BAE7BE9EB49356F104598F941A7120CB359D48CB60
                                                                            APIs
                                                                            • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00B514FF
                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00B51506
                                                                            • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00B51515
                                                                            • CloseHandle.KERNEL32(00000004), ref: 00B51520
                                                                            • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00B5154F
                                                                            • DestroyEnvironmentBlock.USERENV(00000000), ref: 00B51563
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                            • String ID:
                                                                            • API String ID: 1413079979-0
                                                                            • Opcode ID: a0c9734f4ee536813268d82ea1af1c4422221a4eedb596e2fe241d78e109559e
                                                                            • Instruction ID: 65beb8449aa8c8c1e33dc6c63974db4cd85e992e9a1860fe3f27c994b435dd8f
                                                                            • Opcode Fuzzy Hash: a0c9734f4ee536813268d82ea1af1c4422221a4eedb596e2fe241d78e109559e
                                                                            • Instruction Fuzzy Hash: B71186B2100209ABDF11CFA8ED49FDE3BA9EF48749F0440A4FE05A2160D775CE65EB60
                                                                            APIs
                                                                            • GetLastError.KERNEL32(?,?,00B13379,00B12FE5), ref: 00B13390
                                                                            • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00B1339E
                                                                            • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00B133B7
                                                                            • SetLastError.KERNEL32(00000000,?,00B13379,00B12FE5), ref: 00B13409
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLastValue___vcrt_
                                                                            • String ID:
                                                                            • API String ID: 3852720340-0
                                                                            • Opcode ID: e8b9d8ec2c1f879e845d6e42815ef76dbdc01a2ea2f749eb22e91f24222c3502
                                                                            • Instruction ID: ce5c30dd7ed02851aa2955a7cd9b1dd60da55257f5c8f8644d9913b32e2c1b46
                                                                            • Opcode Fuzzy Hash: e8b9d8ec2c1f879e845d6e42815ef76dbdc01a2ea2f749eb22e91f24222c3502
                                                                            • Instruction Fuzzy Hash: B201B53260D711BFAA153BB47C855D62ED4DB05B757E003A9F420862F0FF614D82955C
                                                                            APIs
                                                                            • GetLastError.KERNEL32(?,?,00B25686,00B33CD6,?,00000000,?,00B25B6A,?,?,?,?,?,00B1E6D1,?,00BB8A48), ref: 00B22D78
                                                                            • _free.LIBCMT ref: 00B22DAB
                                                                            • _free.LIBCMT ref: 00B22DD3
                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,00B1E6D1,?,00BB8A48,00000010,00AF4F4A,?,?,00000000,00B33CD6), ref: 00B22DE0
                                                                            • SetLastError.KERNEL32(00000000,?,?,?,?,00B1E6D1,?,00BB8A48,00000010,00AF4F4A,?,?,00000000,00B33CD6), ref: 00B22DEC
                                                                            • _abort.LIBCMT ref: 00B22DF2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast$_free$_abort
                                                                            • String ID:
                                                                            • API String ID: 3160817290-0
                                                                            • Opcode ID: 27acf126720caf9528d7acc64ceaa5b57ddd915c27115e160d83a85cd93490f9
                                                                            • Instruction ID: bd818767bb2afb3ee640ff2639ccd80f36ddfaccfa84cb275e64bbd7ff2bc282
                                                                            • Opcode Fuzzy Hash: 27acf126720caf9528d7acc64ceaa5b57ddd915c27115e160d83a85cd93490f9
                                                                            • Instruction Fuzzy Hash: 2FF0CD3550453077C21277387C06E5A19D9EFC17E1F2405B8F82CE31E6DF3488424170
                                                                            APIs
                                                                              • Part of subcall function 00B09639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00B09693
                                                                              • Part of subcall function 00B09639: SelectObject.GDI32(?,00000000), ref: 00B096A2
                                                                              • Part of subcall function 00B09639: BeginPath.GDI32(?), ref: 00B096B9
                                                                              • Part of subcall function 00B09639: SelectObject.GDI32(?,00000000), ref: 00B096E2
                                                                            • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00B88A4E
                                                                            • LineTo.GDI32(?,00000003,00000000), ref: 00B88A62
                                                                            • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00B88A70
                                                                            • LineTo.GDI32(?,00000000,00000003), ref: 00B88A80
                                                                            • EndPath.GDI32(?), ref: 00B88A90
                                                                            • StrokePath.GDI32(?), ref: 00B88AA0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                            • String ID:
                                                                            • API String ID: 43455801-0
                                                                            • Opcode ID: b4a2e3bdbc48ef41e3d502f861e8a48f175e9d57e16a2dcbc46a3cd0a1da2cc1
                                                                            • Instruction ID: 8468e46765e48eca21ef86f45702aeaa4b9a2eebbb50404903e47c0a8441dfbe
                                                                            • Opcode Fuzzy Hash: b4a2e3bdbc48ef41e3d502f861e8a48f175e9d57e16a2dcbc46a3cd0a1da2cc1
                                                                            • Instruction Fuzzy Hash: DA11C976000109FFDB129F94DC88EAA7FADEB08394F048052BA199A1B1CB719D55DBA0
                                                                            APIs
                                                                            • GetDC.USER32(00000000), ref: 00B55218
                                                                            • GetDeviceCaps.GDI32(00000000,00000058), ref: 00B55229
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00B55230
                                                                            • ReleaseDC.USER32(00000000,00000000), ref: 00B55238
                                                                            • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00B5524F
                                                                            • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00B55261
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CapsDevice$Release
                                                                            • String ID:
                                                                            • API String ID: 1035833867-0
                                                                            • Opcode ID: 7b3ea371329bcd715253af2a063b429944d6cb1a250783c18d6b7cde38b7ad02
                                                                            • Instruction ID: 4b8b3108c03c66066ca8ab6aef52ece39033229a5261bedb0759e146e29e8143
                                                                            • Opcode Fuzzy Hash: 7b3ea371329bcd715253af2a063b429944d6cb1a250783c18d6b7cde38b7ad02
                                                                            • Instruction Fuzzy Hash: CA018FB5A00708BBEB109BB59C49B5EBFB8EF48352F0440A5FA04E7290DA709804CBA0
                                                                            APIs
                                                                            • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00AF1BF4
                                                                            • MapVirtualKeyW.USER32(00000010,00000000), ref: 00AF1BFC
                                                                            • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00AF1C07
                                                                            • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00AF1C12
                                                                            • MapVirtualKeyW.USER32(00000011,00000000), ref: 00AF1C1A
                                                                            • MapVirtualKeyW.USER32(00000012,00000000), ref: 00AF1C22
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Virtual
                                                                            • String ID:
                                                                            • API String ID: 4278518827-0
                                                                            • Opcode ID: 70996a36987aa5278b13c1698392f7fccb8d7d2ec8d75c5ae2e6852a041da42a
                                                                            • Instruction ID: 07db78ddd236482f6ee64c1b09ed5045a48b8942df6f0547166e5f8183b67767
                                                                            • Opcode Fuzzy Hash: 70996a36987aa5278b13c1698392f7fccb8d7d2ec8d75c5ae2e6852a041da42a
                                                                            • Instruction Fuzzy Hash: C1016CB09027597DE3008F5A8C85B52FFA8FF19354F00411B915C47941C7F5A864CBE5
                                                                            APIs
                                                                            • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00B5EB30
                                                                            • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00B5EB46
                                                                            • GetWindowThreadProcessId.USER32(?,?), ref: 00B5EB55
                                                                            • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B5EB64
                                                                            • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B5EB6E
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00B5EB75
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                            • String ID:
                                                                            • API String ID: 839392675-0
                                                                            • Opcode ID: 99001ac1e5ffb78a9f17b0e566b7e46bf4eb604ca44cbd2d4fc955d675e7a1b5
                                                                            • Instruction ID: 7d7c40f5379fbe029cd8bb50b368f8f80513d90e0ea98b68db811decfe87c421
                                                                            • Opcode Fuzzy Hash: 99001ac1e5ffb78a9f17b0e566b7e46bf4eb604ca44cbd2d4fc955d675e7a1b5
                                                                            • Instruction Fuzzy Hash: C0F01DB2140158BBE62157529C4DEAB3E7CEBCAB11F000168F611E20A1EBB05A01C7B5
                                                                            APIs
                                                                            • GetClientRect.USER32(?), ref: 00B47452
                                                                            • SendMessageW.USER32(?,00001328,00000000,?), ref: 00B47469
                                                                            • GetWindowDC.USER32(?), ref: 00B47475
                                                                            • GetPixel.GDI32(00000000,?,?), ref: 00B47484
                                                                            • ReleaseDC.USER32(?,00000000), ref: 00B47496
                                                                            • GetSysColor.USER32(00000005), ref: 00B474B0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                            • String ID:
                                                                            • API String ID: 272304278-0
                                                                            • Opcode ID: bb860d815f871da57233c9b389d75ba2d466577206010e974155f86e69312075
                                                                            • Instruction ID: 610e3e892977905e479aac363df0d1f902cd27b0d997e584970e3da3e495c4da
                                                                            • Opcode Fuzzy Hash: bb860d815f871da57233c9b389d75ba2d466577206010e974155f86e69312075
                                                                            • Instruction Fuzzy Hash: BF012471400215EFEB519FA4EC09BAA7FB6FB04321F6145A4F926A32B1CF311E51EB60
                                                                            APIs
                                                                            • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00B5187F
                                                                            • UnloadUserProfile.USERENV(?,?), ref: 00B5188B
                                                                            • CloseHandle.KERNEL32(?), ref: 00B51894
                                                                            • CloseHandle.KERNEL32(?), ref: 00B5189C
                                                                            • GetProcessHeap.KERNEL32(00000000,?), ref: 00B518A5
                                                                            • HeapFree.KERNEL32(00000000), ref: 00B518AC
                                                                            Similarity
                                                                            • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                            • String ID:
                                                                            • API String ID: 146765662-0
                                                                            • Opcode ID: 90d0337fa7b2232d13ceb27c9256aa200e3d09f6c171f1e26c9b78606a578e3e
                                                                            • Instruction ID: 5eb44693af8d6c71866a825734d3887bc32976952b66d1f89f4df08b4fbbe638
                                                                            • Opcode Fuzzy Hash: 90d0337fa7b2232d13ceb27c9256aa200e3d09f6c171f1e26c9b78606a578e3e
                                                                            • Instruction Fuzzy Hash: 5DE0E5B6004101FBDB016FA1ED0CD0ABF39FF49B22B108220F22592474CF329421EF60
                                                                            APIs
                                                                              • Part of subcall function 00AF7620: _wcslen.LIBCMT ref: 00AF7625
                                                                            • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B5C6EE
                                                                            • _wcslen.LIBCMT ref: 00B5C735
                                                                            • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00B5C79C
                                                                            • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00B5C7CA
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ItemMenu$Info_wcslen$Default
                                                                            • String ID: 0
                                                                            • API String ID: 1227352736-4108050209
                                                                            • Opcode ID: 197f970677d7e47a83936efbd5c9a215460acb63e2bbef5daa4aab35d491c1b5
                                                                            • Instruction ID: b08d77f7a0d48932db1b8a26ef4fd8934f3e89657eace2c54ba662f2fbc93493
                                                                            • Opcode Fuzzy Hash: 197f970677d7e47a83936efbd5c9a215460acb63e2bbef5daa4aab35d491c1b5
                                                                            • Instruction Fuzzy Hash: 6B51CC716043019FD7219F28C885B6ABBE9EB89311F040AEDFD95E35A1DB70DD08CB92
                                                                            APIs
                                                                            • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00B57206
                                                                            • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00B5723C
                                                                            • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00B5724D
                                                                            • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00B572CF
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ErrorMode$AddressCreateInstanceProc
                                                                            • String ID: DllGetClassObject
                                                                            • API String ID: 753597075-1075368562
                                                                            • Opcode ID: e02f37f5a6451f6adb1f1e2e897b97cfe48e337ebb5b64958fa0aac74d21e28c
                                                                            • Instruction ID: d24bee20a601184a60e1a5076a6d5d23c0133a152834f8179b7407f3053533ea
                                                                            • Opcode Fuzzy Hash: e02f37f5a6451f6adb1f1e2e897b97cfe48e337ebb5b64958fa0aac74d21e28c
                                                                            • Instruction Fuzzy Hash: 97419DB1644204AFDB15CF54D884B9A7BE9EF45311F1080E9BD099F20ADBB1D949CBA0
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00B83E35
                                                                            • IsMenu.USER32(?), ref: 00B83E4A
                                                                            • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00B83E92
                                                                            • DrawMenuBar.USER32 ref: 00B83EA5
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Menu$Item$DrawInfoInsert
                                                                            • String ID: 0
                                                                            • API String ID: 3076010158-4108050209
                                                                            • Opcode ID: 58f764e6427d08f116f2927cc1ae33de1e5e78a9d0e21cbad520501745a9159f
                                                                            • Instruction ID: 01d72a3cf105600870305a4641dc51d3667c2806282a2811341c488c7b1b70dc
                                                                            • Opcode Fuzzy Hash: 58f764e6427d08f116f2927cc1ae33de1e5e78a9d0e21cbad520501745a9159f
                                                                            • Instruction Fuzzy Hash: BF4156B5A00209EFDB10EF54D884EEABBF9FF59B51F0440A9E905A7260D730AE41CB60
                                                                            APIs
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                              • Part of subcall function 00B53CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00B53CCA
                                                                            • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00B51E66
                                                                            • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00B51E79
                                                                            • SendMessageW.USER32(?,00000189,?,00000000), ref: 00B51EA9
                                                                              • Part of subcall function 00AF6B57: _wcslen.LIBCMT ref: 00AF6B6A
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$_wcslen$ClassName
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 2081771294-1403004172
                                                                            • Opcode ID: 3d8ed8a55191a3a517179d359cd9c05240ade51f1f26bc28a76f3ba0560a8048
                                                                            • Instruction ID: 83b11c21d984b0b306776104c069ae81d6cf642c1e9b3017e623f7dab79864ad
                                                                            • Opcode Fuzzy Hash: 3d8ed8a55191a3a517179d359cd9c05240ade51f1f26bc28a76f3ba0560a8048
                                                                            • Instruction Fuzzy Hash: D0212671A00108AEDB14ABA4CD86FFFBBF9DF45350B1045A9FC25A31E0DB34490EC620
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00B82F8D
                                                                            • LoadLibraryW.KERNEL32(?), ref: 00B82F94
                                                                            • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00B82FA9
                                                                            • DestroyWindow.USER32(?), ref: 00B82FB1
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                            • String ID: SysAnimate32
                                                                            • API String ID: 3529120543-1011021900
                                                                            • Opcode ID: 9648ab72ba3ef002d794519cd68b5662a09539cf4cac80c9f145a2274e93a126
                                                                            • Instruction ID: a2bee3d5e5647f37a421a8e9b015ab109f019f96ad8f5ef8893e76ff4a356f92
                                                                            • Opcode Fuzzy Hash: 9648ab72ba3ef002d794519cd68b5662a09539cf4cac80c9f145a2274e93a126
                                                                            • Instruction Fuzzy Hash: C3215871204209ABEB106FA49C84EBB77F9EF59364F104668FA50971A0DA71DC51D760
                                                                            APIs
                                                                            • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00B14D1E,00B228E9,?,00B14CBE,00B228E9,00BB88B8,0000000C,00B14E15,00B228E9,00000002), ref: 00B14D8D
                                                                            • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00B14DA0
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,?,00B14D1E,00B228E9,?,00B14CBE,00B228E9,00BB88B8,0000000C,00B14E15,00B228E9,00000002,00000000), ref: 00B14DC3
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                            • API String ID: 4061214504-1276376045
                                                                            • Opcode ID: 864c30660128b20c44e89b3ec3c0a6b9d291136ca98447c6afacb2c88317b0b1
                                                                            • Instruction ID: e274d44d4f318d2c9bf7e0176339e95ad55e5a6c5db22bcb6b16f74a21ed004c
                                                                            • Opcode Fuzzy Hash: 864c30660128b20c44e89b3ec3c0a6b9d291136ca98447c6afacb2c88317b0b1
                                                                            • Instruction Fuzzy Hash: 2CF03C75A50208ABDB11AB90EC49BEEBFE5EF44752F4001A8B909A2260CF745D84CBA1
                                                                            APIs
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00AF4EDD,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4E9C
                                                                            • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00AF4EAE
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00AF4EDD,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4EC0
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Library$AddressFreeLoadProc
                                                                            • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                            • API String ID: 145871493-3689287502
                                                                            • Opcode ID: 18073e3fcfebbbb29f88a9e3900fc6bd245a5c44f86e0d6a432c457ed24dee7a
                                                                            • Instruction ID: a9ae591659542f8c4610e34e87372fc0d9ecc97d5020afbef72a1885a9c3c862
                                                                            • Opcode Fuzzy Hash: 18073e3fcfebbbb29f88a9e3900fc6bd245a5c44f86e0d6a432c457ed24dee7a
                                                                            • Instruction Fuzzy Hash: F1E08675A055225B93322B65BC5CBBF6994AF85F627050115FE04E3220DF74CD05C2B0
                                                                            APIs
                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00B33CDE,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4E62
                                                                            • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00AF4E74
                                                                            • FreeLibrary.KERNEL32(00000000,?,?,00B33CDE,?,00BC1418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00AF4E87
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Library$AddressFreeLoadProc
                                                                            • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                            • API String ID: 145871493-1355242751
                                                                            • Opcode ID: 595a1f2d8a7f810825798274fcb3ed6c77ce27c808521131777eb9fd29d736fb
                                                                            • Instruction ID: 1d3acc90bef30f2bc5fb1c315581cebb55285a01a6a4ac710f2f4110215db910
                                                                            • Opcode Fuzzy Hash: 595a1f2d8a7f810825798274fcb3ed6c77ce27c808521131777eb9fd29d736fb
                                                                            • Instruction Fuzzy Hash: 23D0C231502A215747322B24BC1CEEB2E58AF89F113050210FA04B3130CF70CD05C3F0
                                                                            APIs
                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00B62C05
                                                                            • DeleteFileW.KERNEL32(?), ref: 00B62C87
                                                                            • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00B62C9D
                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00B62CAE
                                                                            • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00B62CC0
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: File$Delete$Copy
                                                                            • String ID:
                                                                            • API String ID: 3226157194-0
                                                                            APIs
                                                                            • GetCurrentProcessId.KERNEL32 ref: 00B7A427
                                                                            • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00B7A435
                                                                            • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00B7A468
                                                                            • CloseHandle.KERNEL32(?), ref: 00B7A63D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Process$CloseCountersCurrentHandleOpen
                                                                            • String ID:
                                                                            • API String ID: 3488606520-0
                                                                            APIs
                                                                            • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00B93700), ref: 00B2BB91
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00BC121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00B2BC09
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00BC1270,000000FF,?,0000003F,00000000,?), ref: 00B2BC36
                                                                            • _free.LIBCMT ref: 00B2BB7F
                                                                              • Part of subcall function 00B229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000), ref: 00B229DE
                                                                              • Part of subcall function 00B229C8: GetLastError.KERNEL32(00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000,00000000), ref: 00B229F0
                                                                            • _free.LIBCMT ref: 00B2BD4B
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                            • String ID:
                                                                            • API String ID: 1286116820-0
                                                                            APIs
                                                                              • Part of subcall function 00B5DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00B5CF22,?), ref: 00B5DDFD
                                                                              • Part of subcall function 00B5DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00B5CF22,?), ref: 00B5DE16
                                                                              • Part of subcall function 00B5E199: GetFileAttributesW.KERNEL32(?,00B5CF95), ref: 00B5E19A
                                                                            • lstrcmpiW.KERNEL32(?,?), ref: 00B5E473
                                                                            • MoveFileW.KERNEL32(?,?), ref: 00B5E4AC
                                                                            • _wcslen.LIBCMT ref: 00B5E5EB
                                                                            • _wcslen.LIBCMT ref: 00B5E603
                                                                            • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00B5E650
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                            • String ID:
                                                                            • API String ID: 3183298772-0
                                                                            APIs
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                              • Part of subcall function 00B7C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00B7B6AE,?,?), ref: 00B7C9B5
                                                                              • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7C9F1
                                                                              • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7CA68
                                                                              • Part of subcall function 00B7C998: _wcslen.LIBCMT ref: 00B7CA9E
                                                                            • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00B7BAA5
                                                                            • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00B7BB00
                                                                            • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00B7BB63
                                                                            • RegCloseKey.ADVAPI32(?,?), ref: 00B7BBA6
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 00B7BBB3
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                            • String ID:
                                                                            • API String ID: 826366716-0
                                                                            APIs
                                                                            • VariantInit.OLEAUT32(?), ref: 00B58BCD
                                                                            • VariantClear.OLEAUT32 ref: 00B58C3E
                                                                            • VariantClear.OLEAUT32 ref: 00B58C9D
                                                                            • VariantClear.OLEAUT32(?), ref: 00B58D10
                                                                            • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00B58D3B
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Variant$Clear$ChangeInitType
                                                                            • String ID:
                                                                            • API String ID: 4136290138-0
                                                                            APIs
                                                                            • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00B68BAE
                                                                            • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00B68BDA
                                                                            • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00B68C32
                                                                            • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00B68C57
                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00B68C5F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: PrivateProfile$SectionWrite$String
                                                                            • String ID:
                                                                            • API String ID: 2832842796-0
                                                                            APIs
                                                                            • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00B78F40
                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00B78FD0
                                                                            • GetProcAddress.KERNEL32(00000000,00000000), ref: 00B78FEC
                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00B79032
                                                                            • FreeLibrary.KERNEL32(00000000), ref: 00B79052
                                                                              • Part of subcall function 00B0F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00B61043,?,7529E610), ref: 00B0F6E6
                                                                              • Part of subcall function 00B0F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00B4FA64,00000000,00000000,?,?,00B61043,?,7529E610,?,00B4FA64), ref: 00B0F70D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                            • String ID:
                                                                            • API String ID: 666041331-0
                                                                            APIs
                                                                            • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00B86C33
                                                                            • SetWindowLongW.USER32(?,000000EC,?), ref: 00B86C4A
                                                                            • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00B86C73
                                                                            • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00B6AB79,00000000,00000000), ref: 00B86C98
                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00B86CC7
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Window$Long$MessageSendShow
                                                                            • String ID:
                                                                            • API String ID: 3688381893-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: _free
                                                                            • String ID:
                                                                            • API String ID: 269201875-0
                                                                            APIs
                                                                            • GetCursorPos.USER32(?), ref: 00B09141
                                                                            • ScreenToClient.USER32(00000000,?), ref: 00B0915E
                                                                            • GetAsyncKeyState.USER32(00000001), ref: 00B09183
                                                                            • GetAsyncKeyState.USER32(00000002), ref: 00B0919D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: AsyncState$ClientCursorScreen
                                                                            • String ID:
                                                                            • API String ID: 4210589936-0
                                                                            APIs
                                                                            • GetInputState.USER32 ref: 00B638CB
                                                                            • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00B63922
                                                                            • TranslateMessage.USER32(?), ref: 00B6394B
                                                                            • DispatchMessageW.USER32(?), ref: 00B63955
                                                                            • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00B63966
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                            • String ID:
                                                                            • API String ID: 2256411358-0
                                                                            APIs
                                                                            • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 00B6CF38
                                                                            • InternetReadFile.WININET(?,00000000,?,?), ref: 00B6CF6F
                                                                            • GetLastError.KERNEL32(?,00000000,?,?,?,00B6C21E,00000000), ref: 00B6CFB4
                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,00B6C21E,00000000), ref: 00B6CFC8
                                                                            • SetEvent.KERNEL32(?,?,00000000,?,?,?,00B6C21E,00000000), ref: 00B6CFF2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                            • String ID:
                                                                            • API String ID: 3191363074-0
                                                                            APIs
                                                                            • GetWindowRect.USER32(?,?), ref: 00B51915
                                                                            • PostMessageW.USER32(00000001,00000201,00000001), ref: 00B519C1
                                                                            • Sleep.KERNEL32(00000000,?,?,?), ref: 00B519C9
                                                                            • PostMessageW.USER32(00000001,00000202,00000000), ref: 00B519DA
                                                                            • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00B519E2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: MessagePostSleep$RectWindow
                                                                            • String ID:
                                                                            • API String ID: 3382505437-0
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00B85745
                                                                            • SendMessageW.USER32(?,00001074,?,00000001), ref: 00B8579D
                                                                            • _wcslen.LIBCMT ref: 00B857AF
                                                                            • _wcslen.LIBCMT ref: 00B857BA
                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00B85816
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: MessageSend$_wcslen
                                                                            • String ID:
                                                                            • API String ID: 763830540-0
                                                                            APIs
                                                                            • IsWindow.USER32(00000000), ref: 00B70951
                                                                            • GetForegroundWindow.USER32 ref: 00B70968
                                                                            • GetDC.USER32(00000000), ref: 00B709A4
                                                                            • GetPixel.GDI32(00000000,?,00000003), ref: 00B709B0
                                                                            • ReleaseDC.USER32(00000000,00000003), ref: 00B709E8
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Window$ForegroundPixelRelease
                                                                            • String ID:
                                                                            • API String ID: 4156661090-0
                                                                            APIs
                                                                            • GetEnvironmentStringsW.KERNEL32 ref: 00B2CDC6
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00B2CDE9
                                                                              • Part of subcall function 00B23820: RtlAllocateHeap.NTDLL(00000000,?,00BC1444,?,00B0FDF5,?,?,00AFA976,00000010,00BC1440,00AF13FC,?,00AF13C6,?,00AF1129), ref: 00B23852
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00B2CE0F
                                                                            • _free.LIBCMT ref: 00B2CE22
                                                                            • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00B2CE31
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                            • String ID:
                                                                            • API String ID: 336800556-0
                                                                            APIs
                                                                            • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00B09693
                                                                            • SelectObject.GDI32(?,00000000), ref: 00B096A2
                                                                            • BeginPath.GDI32(?), ref: 00B096B9
                                                                            • SelectObject.GDI32(?,00000000), ref: 00B096E2
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ObjectSelect$BeginCreatePath
                                                                            • String ID:
                                                                            • API String ID: 3225163088-0
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: _memcmp
                                                                            • String ID:
                                                                            • API String ID: 2931989736-0
                                                                            APIs
                                                                            • GetSysColor.USER32(00000008), ref: 00B098CC
                                                                            • SetTextColor.GDI32(?,?), ref: 00B098D6
                                                                            • SetBkMode.GDI32(?,00000001), ref: 00B098E9
                                                                            • GetStockObject.GDI32(00000005), ref: 00B098F1
                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 00B09952
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: Color$LongModeObjectStockTextWindow
                                                                            • String ID:
                                                                            • API String ID: 1860813098-0
                                                                            APIs
                                                                            • GetLastError.KERNEL32(?,?,?,00B1F2DE,00B23863,00BC1444,?,00B0FDF5,?,?,00AFA976,00000010,00BC1440,00AF13FC,?,00AF13C6), ref: 00B22DFD
                                                                            • _free.LIBCMT ref: 00B22E32
                                                                            • _free.LIBCMT ref: 00B22E59
                                                                            • SetLastError.KERNEL32(00000000,00AF1129), ref: 00B22E66
                                                                            • SetLastError.KERNEL32(00000000,00AF1129), ref: 00B22E6F
                                                                            Similarity
                                                                            • API ID: ErrorLast$_free
                                                                            • String ID:
                                                                            • API String ID: 3170660625-0
                                                                            APIs
                                                                            • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?,?,?,00B5035E), ref: 00B5002B
                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?,?), ref: 00B50046
                                                                            • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?,?), ref: 00B50054
                                                                            • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?), ref: 00B50064
                                                                            • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00B4FF41,80070057,?,?), ref: 00B50070
                                                                            Similarity
                                                                            • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                            • String ID:
                                                                            • API String ID: 3897988419-0
                                                                            APIs
                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 00B5E997
                                                                            • QueryPerformanceFrequency.KERNEL32(?), ref: 00B5E9A5
                                                                            • Sleep.KERNEL32(00000000), ref: 00B5E9AD
                                                                            • QueryPerformanceCounter.KERNEL32(?), ref: 00B5E9B7
                                                                            • Sleep.KERNEL32 ref: 00B5E9F3
                                                                            Similarity
                                                                            • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                            • String ID:
                                                                            • API String ID: 2833360925-0
                                                                            APIs
                                                                            • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00B51114
                                                                            • GetLastError.KERNEL32(?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B51120
                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B5112F
                                                                            • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00B50B9B,?,?,?), ref: 00B51136
                                                                            • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00B5114D
                                                                            Similarity
                                                                            • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 842720411-0
                                                                            APIs
                                                                            • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00B50FCA
                                                                            • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00B50FD6
                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00B50FE5
                                                                            • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00B50FEC
                                                                            • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00B51002
                                                                            Similarity
                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 44706859-0
                                                                            APIs
                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00B5102A
                                                                            • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00B51036
                                                                            • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00B51045
                                                                            • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00B5104C
                                                                            • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00B51062
                                                                            Similarity
                                                                            • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                            • String ID:
                                                                            • API String ID: 44706859-0
                                                                            APIs
                                                                            • CloseHandle.KERNEL32(?,?,?,?,00B6017D,?,00B632FC,?,00000001,00B32592,?), ref: 00B60324
                                                                            • CloseHandle.KERNEL32(?,?,?,?,00B6017D,?,00B632FC,?,00000001,00B32592,?), ref: 00B60331
                                                                            • CloseHandle.KERNEL32(?,?,?,?,00B6017D,?,00B632FC,?,00000001,00B32592,?), ref: 00B6033E
                                                                            • CloseHandle.KERNEL32(?,?,?,?,00B6017D,?,00B632FC,?,00000001,00B32592,?), ref: 00B6034B
                                                                            • CloseHandle.KERNEL32(?,?,?,?,00B6017D,?,00B632FC,?,00000001,00B32592,?), ref: 00B60358
                                                                            • CloseHandle.KERNEL32(?,?,?,?,00B6017D,?,00B632FC,?,00000001,00B32592,?), ref: 00B60365
                                                                            Similarity
                                                                            • API ID: CloseHandle
                                                                            • String ID:
                                                                            • API String ID: 2962429428-0
                                                                            APIs
                                                                            • _free.LIBCMT ref: 00B2D752
                                                                              • Part of subcall function 00B229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000), ref: 00B229DE
                                                                              • Part of subcall function 00B229C8: GetLastError.KERNEL32(00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000,00000000), ref: 00B229F0
                                                                            • _free.LIBCMT ref: 00B2D764
                                                                            • _free.LIBCMT ref: 00B2D776
                                                                            • _free.LIBCMT ref: 00B2D788
                                                                            • _free.LIBCMT ref: 00B2D79A
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                            • String ID:
                                                                            • API String ID: 776569668-0
                                                                            APIs
                                                                            • GetDlgItem.USER32(?,000003E9), ref: 00B55C58
                                                                            • GetWindowTextW.USER32(00000000,?,00000100), ref: 00B55C6F
                                                                            • MessageBeep.USER32(00000000), ref: 00B55C87
                                                                            • KillTimer.USER32(?,0000040A), ref: 00B55CA3
                                                                            • EndDialog.USER32(?,00000001), ref: 00B55CBD
                                                                            Similarity
                                                                            • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                            • String ID:
                                                                            • API String ID: 3741023627-0
                                                                            APIs
                                                                            • _free.LIBCMT ref: 00B222BE
                                                                              • Part of subcall function 00B229C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000), ref: 00B229DE
                                                                              • Part of subcall function 00B229C8: GetLastError.KERNEL32(00000000,?,00B2D7D1,00000000,00000000,00000000,00000000,?,00B2D7F8,00000000,00000007,00000000,?,00B2DBF5,00000000,00000000), ref: 00B229F0
                                                                            • _free.LIBCMT ref: 00B222D0
                                                                            • _free.LIBCMT ref: 00B222E3
                                                                            • _free.LIBCMT ref: 00B222F4
                                                                            • _free.LIBCMT ref: 00B22305
                                                                            Similarity
                                                                            • API ID: _free$ErrorFreeHeapLast
                                                                            • String ID:
                                                                            • API String ID: 776569668-0
                                                                            APIs
                                                                            • EndPath.GDI32(?), ref: 00B095D4
                                                                            • StrokeAndFillPath.GDI32(?,?,00B471F7,00000000,?,?,?), ref: 00B095F0
                                                                            • SelectObject.GDI32(?,00000000), ref: 00B09603
                                                                            • DeleteObject.GDI32 ref: 00B09616
                                                                            • StrokePath.GDI32(?), ref: 00B09631
                                                                            Similarity
                                                                            • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                            • String ID:
                                                                            • API String ID: 2625713937-0
                                                                            APIs
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: __freea$_free
                                                                            • String ID: a/p$am/pm
                                                                            • API String ID: 3432400110-3206640213
                                                                            APIs
                                                                              • Part of subcall function 00B10242: EnterCriticalSection.KERNEL32(00BC070C,00BC1884,?,?,00B0198B,00BC2518,?,?,?,00AF12F9,00000000), ref: 00B1024D
                                                                              • Part of subcall function 00B10242: LeaveCriticalSection.KERNEL32(00BC070C,?,00B0198B,00BC2518,?,?,?,00AF12F9,00000000), ref: 00B1028A
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                              • Part of subcall function 00B100A3: __onexit.LIBCMT ref: 00B100A9
                                                                            • __Init_thread_footer.LIBCMT ref: 00B77BFB
                                                                              • Part of subcall function 00B101F8: EnterCriticalSection.KERNEL32(00BC070C,?,?,00B08747,00BC2514), ref: 00B10202
                                                                              • Part of subcall function 00B101F8: LeaveCriticalSection.KERNEL32(00BC070C,?,00B08747,00BC2514), ref: 00B10235
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                            • String ID: 5$G$Variable must be of type 'Object'.
                                                                            • API String ID: 535116098-3733170431
                                                                            APIs
                                                                              • Part of subcall function 00B5B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00B521D0,?,?,00000034,00000800,?,00000034), ref: 00B5B42D
                                                                            • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00B52760
                                                                              • Part of subcall function 00B5B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00B521FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00B5B3F8
                                                                              • Part of subcall function 00B5B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00B5B355
                                                                              • Part of subcall function 00B5B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00B52194,00000034,?,?,00001004,00000000,00000000), ref: 00B5B365
                                                                              • Part of subcall function 00B5B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00B52194,00000034,?,?,00001004,00000000,00000000), ref: 00B5B37B
                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B527CD
                                                                            • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00B5281A
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                            • String ID: @
                                                                            • API String ID: 4150878124-2766056989
                                                                            APIs
                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00B21769
                                                                            • _free.LIBCMT ref: 00B21834
                                                                            • _free.LIBCMT ref: 00B2183E
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _free$FileModuleName
                                                                            • String ID: C:\Users\user\Desktop\file.exe
                                                                            • API String ID: 2506810119-517116171
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00B5C306
                                                                            • DeleteMenu.USER32(?,00000007,00000000), ref: 00B5C34C
                                                                            • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00BC1990,01416AE0), ref: 00B5C395
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Menu$Delete$InfoItem
                                                                            • String ID: 0
                                                                            • API String ID: 135850232-4108050209
                                                                            APIs
                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00B8CC08,00000000,?,?,?,?), ref: 00B844AA
                                                                            • GetWindowLongW.USER32 ref: 00B844C7
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B844D7
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$Long
                                                                            • String ID: SysTreeView32
                                                                            • API String ID: 847901565-1698111956
                                                                            APIs
                                                                              • Part of subcall function 00B7335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00B73077,?,?), ref: 00B73378
                                                                            • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00B7307A
                                                                            • _wcslen.LIBCMT ref: 00B7309B
                                                                            • htons.WSOCK32(00000000,?,?,00000000), ref: 00B73106
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                            • String ID: 255.255.255.255
                                                                            • API String ID: 946324512-2422070025
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00B83F40
                                                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00B83F54
                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00B83F78
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Window
                                                                            • String ID: SysMonthCal32
                                                                            • API String ID: 2326795674-1439706946
                                                                            • Opcode ID: 2a4693a2072c92f4b5ca5556b854091d2315da8b13b8aca3d75d89f71d8c858d
                                                                            • Instruction ID: 9d9bac7fa9ced031217230f7dfe8d05dd02067cfe9e40e3e76032e82ec4938d7
                                                                            • Opcode Fuzzy Hash: 2a4693a2072c92f4b5ca5556b854091d2315da8b13b8aca3d75d89f71d8c858d
                                                                            • Instruction Fuzzy Hash: 7321BF32610219BBDF159F90CC46FEA3BB9EF48B14F110254FE156B1E0DAB1E950CBA0
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00B84705
                                                                            • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00B84713
                                                                            • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00B8471A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$DestroyWindow
                                                                            • String ID: msctls_updown32
                                                                            • API String ID: 4014797782-2298589950
                                                                            • Opcode ID: 8954d1d841da9374aaebe4c3ffec1f91e0525cd65cdae73f943d714d9c93b457
                                                                            • Instruction ID: 3a8541451bb35ab8ddc6d3760e1f5efcd5fca437a06f4e31c690943914444d44
                                                                            • Opcode Fuzzy Hash: 8954d1d841da9374aaebe4c3ffec1f91e0525cd65cdae73f943d714d9c93b457
                                                                            • Instruction Fuzzy Hash: 71212CB5600209AFDB10EF68DC81DB637EDEB5A398B140499FA019B261DB71EC51CB60
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen
                                                                            • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                            • API String ID: 176396367-2734436370
                                                                            • Opcode ID: 073374c4ffa2679b78e14e6608e3746cd14a26ff97c76965ad5de9215ff76627
                                                                            • Instruction ID: c0e02ab05a5e4d2a2e9c03d96f3b8650e4ae4577424084f329df8af0e47a5df4
                                                                            • Opcode Fuzzy Hash: 073374c4ffa2679b78e14e6608e3746cd14a26ff97c76965ad5de9215ff76627
                                                                            • Instruction Fuzzy Hash: 08216532204211A6D731BB24EC02FBB73D8EFA1311F8040E6FD4997091EB60AD9DC391
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00B83840
                                                                            • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00B83850
                                                                            • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00B83876
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$MoveWindow
                                                                            • String ID: Listbox
                                                                            • API String ID: 3315199576-2633736733
                                                                            • Opcode ID: 40ba0e09d0edf206ffbce24d884100665ff4eaa232d3b891e89459749519eea4
                                                                            • Instruction ID: 8493e312bb7860d0a196ed594c4824d55ea565da933b98282b6791c0feb66d5b
                                                                            • Opcode Fuzzy Hash: 40ba0e09d0edf206ffbce24d884100665ff4eaa232d3b891e89459749519eea4
                                                                            • Instruction Fuzzy Hash: FB217F72610118BBEB11AF54CC85EBB37EAEF89F50F118164F9059B1A0DA71DC52C7A0
                                                                            APIs
                                                                            • SetErrorMode.KERNEL32(00000001), ref: 00B64A08
                                                                            • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00B64A5C
                                                                            • SetErrorMode.KERNEL32(00000000,?,?,00B8CC08), ref: 00B64AD0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorMode$InformationVolume
                                                                            • String ID: %lu
                                                                            • API String ID: 2507767853-685833217
                                                                            • Opcode ID: 4169085271b3baddb22a13ee4c008295763d8e24f68c2dcae40c3f1e45b83d0c
                                                                            • Instruction ID: 1bfb3a7645464a05b771f40a250c7d037f7c726b220b01d9307e9f9f0eae1555
                                                                            • Opcode Fuzzy Hash: 4169085271b3baddb22a13ee4c008295763d8e24f68c2dcae40c3f1e45b83d0c
                                                                            • Instruction Fuzzy Hash: 38312175A00109AFDB10DF94C985EAA7BF8EF08308F1480A5F909DB262DB75ED46CB61
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00B8424F
                                                                            • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00B84264
                                                                            • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00B84271
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID: msctls_trackbar32
                                                                            • API String ID: 3850602802-1010561917
                                                                            • Opcode ID: 4a4ef721f6b0e98b385eaed8860aaeb305c8e3d2bc3447c746105180bf8a7a01
                                                                            • Instruction ID: 98e4faf6e532974eea35850d449704e70ccf68e350e7ca577bd032f4d2eaf2d3
                                                                            • Opcode Fuzzy Hash: 4a4ef721f6b0e98b385eaed8860aaeb305c8e3d2bc3447c746105180bf8a7a01
                                                                            • Instruction Fuzzy Hash: 3011C131254209BEEF20AE68CC06FAB3BECEF95B54F114524FA55E60A0D6B1D821DB20
                                                                            APIs
                                                                              • Part of subcall function 00AF6B57: _wcslen.LIBCMT ref: 00AF6B6A
                                                                              • Part of subcall function 00B52DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00B52DC5
                                                                              • Part of subcall function 00B52DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B52DD6
                                                                              • Part of subcall function 00B52DA7: GetCurrentThreadId.KERNEL32 ref: 00B52DDD
                                                                              • Part of subcall function 00B52DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00B52DE4
                                                                            • GetFocus.USER32 ref: 00B52F78
                                                                              • Part of subcall function 00B52DEE: GetParent.USER32(00000000), ref: 00B52DF9
                                                                            • GetClassNameW.USER32(?,?,00000100), ref: 00B52FC3
                                                                            • EnumChildWindows.USER32(?,00B5303B), ref: 00B52FEB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                            • String ID: %s%d
                                                                            • API String ID: 1272988791-1110647743
                                                                            • Opcode ID: 4bd982f60e85d5cbff2fbea7ab88379de5bff8df97cc30624288f9c718904e91
                                                                            • Instruction ID: 6ae5ddd71fad8616b960eec3caa0e501d7af38ca27b1631d44ff1c121f3a5748
                                                                            • Opcode Fuzzy Hash: 4bd982f60e85d5cbff2fbea7ab88379de5bff8df97cc30624288f9c718904e91
                                                                            • Instruction Fuzzy Hash: 71118EB16002096BDF557FA48885BED3BEAEF84305F0440F5BD099B2A2DE7099498B70
                                                                            APIs
                                                                            • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00B858C1
                                                                            • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00B858EE
                                                                            • DrawMenuBar.USER32(?), ref: 00B858FD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Menu$InfoItem$Draw
                                                                            • String ID: 0
                                                                            • API String ID: 3227129158-4108050209
                                                                            • Opcode ID: dac4856070531fa5fa5b5bd4d96a468d1b4577bfea0de15987eb460898650e31
                                                                            • Instruction ID: 33a325a32ad637b239b557126956a85e287c5a1f61716eec67293e93d2b7cc57
                                                                            • Opcode Fuzzy Hash: dac4856070531fa5fa5b5bd4d96a468d1b4577bfea0de15987eb460898650e31
                                                                            • Instruction Fuzzy Hash: 13011B71600219EEDB21AF11DC85BAEBFB4FB45361F1480E9E849D62B1DB309A94DF31
                                                                            APIs
                                                                            • GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 00B4D3BF
                                                                            • FreeLibrary.KERNEL32 ref: 00B4D3E5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: AddressFreeLibraryProc
                                                                            • String ID: GetSystemWow64DirectoryW$X64
                                                                            • API String ID: 3013587201-2590602151
                                                                            • Opcode ID: 146aece8a2313ab6973dd20ee0b92a7480b8cbde22ddee9c4a180698e51e48f9
                                                                            • Instruction ID: 2ebb4a1e86a8e330f0b006d35b2f5f8b15502eae657cc3f101fe62593eecde34
                                                                            • Opcode Fuzzy Hash: 146aece8a2313ab6973dd20ee0b92a7480b8cbde22ddee9c4a180698e51e48f9
                                                                            • Instruction Fuzzy Hash: 5FF027725016019BC3302A108C88A693BE4AF11B01B9081C9F006F20A4DBB0CA40A75A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 41b42e053a2a7e863154bfb4991bf422692672681f6e6febb2c3c9d1f5a036fb
                                                                            • Instruction ID: 2d2c912b3ada8cd633e6d5411583046a33d94735652bace1b10919f5a4e1f29d
                                                                            • Opcode Fuzzy Hash: 41b42e053a2a7e863154bfb4991bf422692672681f6e6febb2c3c9d1f5a036fb
                                                                            • Instruction Fuzzy Hash: 9DC15875A1020AAFDB14DFA4C894BAEB7B5FF48305F2085D8E905EB251D731EE85CB90
                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: __alldvrm$_strrchr
                                                                            • String ID:
                                                                            • API String ID: 1036877536-0
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: Variant$ClearInitInitializeUninitialize
                                                                            • String ID:
                                                                            • API String ID: 1998397398-0
                                                                            APIs
                                                                            • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00B8FC08,?), ref: 00B505F0
                                                                            • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00B8FC08,?), ref: 00B50608
                                                                            • CLSIDFromProgID.OLE32(?,?,00000000,00B8CC40,000000FF,?,00000000,00000800,00000000,?,00B8FC08,?), ref: 00B5062D
                                                                            • _memcmp.LIBVCRUNTIME ref: 00B5064E
                                                                            Similarity
                                                                            • API ID: FromProg$FreeTask_memcmp
                                                                            • String ID:
                                                                            • API String ID: 314563124-0
                                                                            APIs
                                                                            • CreateToolhelp32Snapshot.KERNEL32 ref: 00B7A6AC
                                                                            • Process32FirstW.KERNEL32(00000000,?), ref: 00B7A6BA
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                            • Process32NextW.KERNEL32(00000000,?), ref: 00B7A79C
                                                                            • CloseHandle.KERNEL32(00000000), ref: 00B7A7AB
                                                                              • Part of subcall function 00B0CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00B33303,?), ref: 00B0CE8A
                                                                            Similarity
                                                                            • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                            • String ID:
                                                                            • API String ID: 1991900642-0
                                                                            APIs
                                                                            Similarity
                                                                            • API ID: _free
                                                                            • String ID:
                                                                            • API String ID: 269201875-0
                                                                            APIs
                                                                            • GetWindowRect.USER32(?,?), ref: 00B862E2
                                                                            • ScreenToClient.USER32(?,?), ref: 00B86315
                                                                            • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00B86382
                                                                            Similarity
                                                                            • API ID: Window$ClientMoveRectScreen
                                                                            • String ID:
                                                                            • API String ID: 3880355969-0
                                                                            APIs
                                                                            • socket.WSOCK32(00000002,00000002,00000011), ref: 00B71AFD
                                                                            • WSAGetLastError.WSOCK32 ref: 00B71B0B
                                                                            • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00B71B8A
                                                                            • WSAGetLastError.WSOCK32 ref: 00B71B94
                                                                            Similarity
                                                                            • API ID: ErrorLast$socket
                                                                            • String ID:
                                                                            • API String ID: 1881357543-0
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            APIs
                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00B65783
                                                                            • GetLastError.KERNEL32(?,00000000), ref: 00B657A9
                                                                            • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00B657CE
                                                                            • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00B657FA
                                                                            Similarity
                                                                            • API ID: CreateHardLink$DeleteErrorFileLast
                                                                            • String ID:
                                                                            • API String ID: 3321077145-0
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00B16D71,00000000,00000000,00B182D9,?,00B182D9,?,00000001,00B16D71,8BE85006,00000001,00B182D9,00B182D9), ref: 00B2D910
                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00B2D999
                                                                            • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00B2D9AB
                                                                            • __freea.LIBCMT ref: 00B2D9B4
                                                                              • Part of subcall function 00B23820: RtlAllocateHeap.NTDLL(00000000,?,00BC1444,?,00B0FDF5,?,?,00AFA976,00000010,00BC1440,00AF13FC,?,00AF13C6,?,00AF1129), ref: 00B23852
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                            • String ID:
                                                                            • API String ID: 2652629310-0
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 00B85352
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00B85375
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00B85382
                                                                            • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00B853A8
                                                                            Similarity
                                                                            • API ID: LongWindow$InvalidateMessageRectSend
                                                                            • String ID:
                                                                            • API String ID: 3340791633-0
                                                                            APIs
                                                                            • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 00B5ABF1
                                                                            • SetKeyboardState.USER32(00000080,?,00008000), ref: 00B5AC0D
                                                                            • PostMessageW.USER32(00000000,00000101,00000000), ref: 00B5AC74
                                                                            • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 00B5ACC6
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: KeyboardState$InputMessagePostSend
                                                                            • String ID:
                                                                            • API String ID: 432972143-0
                                                                            APIs
                                                                            • ClientToScreen.USER32(?,?), ref: 00B8769A
                                                                            • GetWindowRect.USER32(?,?), ref: 00B87710
                                                                            • PtInRect.USER32(?,?,00B88B89), ref: 00B87720
                                                                            • MessageBeep.USER32(00000000), ref: 00B8778C
                                                                            Similarity
                                                                            • API ID: Rect$BeepClientMessageScreenWindow
                                                                            • String ID:
                                                                            • API String ID: 1352109105-0
                                                                            APIs
                                                                            • GetForegroundWindow.USER32 ref: 00B816EB
                                                                              • Part of subcall function 00B53A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00B53A57
                                                                              • Part of subcall function 00B53A3D: GetCurrentThreadId.KERNEL32 ref: 00B53A5E
                                                                              • Part of subcall function 00B53A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00B525B3), ref: 00B53A65
                                                                            • GetCaretPos.USER32(?), ref: 00B816FF
                                                                            • ClientToScreen.USER32(00000000,?), ref: 00B8174C
                                                                            • GetForegroundWindow.USER32 ref: 00B81752
                                                                            Similarity
                                                                            • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                            • String ID:
                                                                            • API String ID: 2759813231-0
                                                                            APIs
                                                                              • Part of subcall function 00AF7620: _wcslen.LIBCMT ref: 00AF7625
                                                                            • _wcslen.LIBCMT ref: 00B5DFCB
                                                                            • _wcslen.LIBCMT ref: 00B5DFE2
                                                                            • _wcslen.LIBCMT ref: 00B5E00D
                                                                            • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00B5E018
                                                                            Similarity
                                                                            • API ID: _wcslen$ExtentPoint32Text
                                                                            • String ID:
                                                                            • API String ID: 3763101759-0
                                                                            APIs
                                                                              • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
                                                                            • GetCursorPos.USER32(?), ref: 00B89001
                                                                            • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00B47711,?,?,?,?,?), ref: 00B89016
                                                                            • GetCursorPos.USER32(?), ref: 00B8905E
                                                                            • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00B47711,?,?,?), ref: 00B89094
                                                                            Similarity
                                                                            • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                            • String ID:
                                                                            • API String ID: 2864067406-0
                                                                            APIs
                                                                            • GetFileAttributesW.KERNEL32(?,00B8CB68), ref: 00B5D2FB
                                                                            • GetLastError.KERNEL32 ref: 00B5D30A
                                                                            • CreateDirectoryW.KERNEL32(?,00000000), ref: 00B5D319
                                                                            • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00B8CB68), ref: 00B5D376
                                                                            Similarity
                                                                            • API ID: CreateDirectory$AttributesErrorFileLast
                                                                            • String ID:
                                                                            • API String ID: 2267087916-0
                                                                            APIs
                                                                              • Part of subcall function 00B51014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00B5102A
                                                                              • Part of subcall function 00B51014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00B51036
                                                                              • Part of subcall function 00B51014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00B51045
                                                                              • Part of subcall function 00B51014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00B5104C
                                                                              • Part of subcall function 00B51014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00B51062
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00B515BE
                                                                            • _memcmp.LIBVCRUNTIME ref: 00B515E1
                                                                            • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00B51617
                                                                            • HeapFree.KERNEL32(00000000), ref: 00B5161E
                                                                            Similarity
                                                                            • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                            • String ID:
                                                                            • API String ID: 1592001646-0
                                                                            APIs
                                                                            • GetWindowLongW.USER32(?,000000EC), ref: 00B8280A
                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00B82824
                                                                            • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00B82832
                                                                            • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00B82840
                                                                            Similarity
                                                                            • API ID: Window$Long$AttributesLayered
                                                                            • String ID:
                                                                            • API String ID: 2169480361-0
                                                                            APIs
                                                                              • Part of subcall function 00B58D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00B5790A,?,000000FF,?,00B58754,00000000,?,0000001C,?,?), ref: 00B58D8C
                                                                              • Part of subcall function 00B58D7D: lstrcpyW.KERNEL32(00000000,?), ref: 00B58DB2
                                                                              • Part of subcall function 00B58D7D: lstrcmpiW.KERNEL32(00000000,?,00B5790A,?,000000FF,?,00B58754,00000000,?,0000001C,?,?), ref: 00B58DE3
                                                                            • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00B58754,00000000,?,0000001C,?,?,00000000), ref: 00B57923
                                                                            • lstrcpyW.KERNEL32(00000000,?), ref: 00B57949
                                                                            • lstrcmpiW.KERNEL32(00000002,cdecl,?,00B58754,00000000,?,0000001C,?,?,00000000), ref: 00B57984
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: lstrcmpilstrcpylstrlen
                                                                            • String ID: cdecl
                                                                            • API String ID: 4031866154-3896280584
                                                                            APIs
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00B87D0B
                                                                            • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00B87D2A
                                                                            • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00B87D42
                                                                            • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00B6B7AD,00000000), ref: 00B87D6B
                                                                              • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
                                                                            Similarity
                                                                            • API ID: Window$Long
                                                                            • String ID:
                                                                            • API String ID: 847901565-0
                                                                            • Opcode ID: bbd4a666efb96aacdf61ad21708c19e97c378e44662fdba2fd8ff8bef5a8c9aa
                                                                            • Instruction ID: cd22ccc25644eac881f087e4c039b940c30605ef9b91a1d168ba7c52b40f89e0
                                                                            • Opcode Fuzzy Hash: bbd4a666efb96aacdf61ad21708c19e97c378e44662fdba2fd8ff8bef5a8c9aa
                                                                            • Instruction Fuzzy Hash: 41118E72544615AFCB10AF28CC04EA63BE5EF463A4B258764F835D72F1EB30D951CB50
                                                                            APIs
                                                                            • SendMessageW.USER32(?,00001060,?,00000004), ref: 00B856BB
                                                                            • _wcslen.LIBCMT ref: 00B856CD
                                                                            • _wcslen.LIBCMT ref: 00B856D8
                                                                            • SendMessageW.USER32(?,00001002,00000000,?), ref: 00B85816
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend_wcslen
                                                                            • String ID:
                                                                            • API String ID: 455545452-0
                                                                            • Opcode ID: ffd5671afb89b42c2764d9fe1b10dad73e5f77f636d30ff235e208c8ee4db68b
                                                                            • Instruction ID: b8b34e3167176c3275353568e2c7f0db888d4e532bf7fc79a818edbfbd0c69e2
                                                                            • Opcode Fuzzy Hash: ffd5671afb89b42c2764d9fe1b10dad73e5f77f636d30ff235e208c8ee4db68b
                                                                            • Instruction Fuzzy Hash: C611D3756006089ADF30AF65CCC5AEE77ECEF11764B5040A6F915D61A1EB70DA84CB60
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: c5e93dcfcfad22431b7a1145290aa34fa1281afc5c432b81020ae99343d1ab3f
                                                                            • Instruction ID: e195407ccaa4c1ad71fb0b6f5fd66239211638af4e23e2f27b50064c69e2522d
                                                                            • Opcode Fuzzy Hash: c5e93dcfcfad22431b7a1145290aa34fa1281afc5c432b81020ae99343d1ab3f
                                                                            • Instruction Fuzzy Hash: FF018FB220962ABEF621267C7CC0F27669CDF553F8B300BB5F539A11D2DB648C414170
                                                                            APIs
                                                                            • SendMessageW.USER32(?,000000B0,?,?), ref: 00B51A47
                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B51A59
                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B51A6F
                                                                            • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00B51A8A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID:
                                                                            • API String ID: 3850602802-0
                                                                            • Opcode ID: 8d1aaa930399dfbd2cad329addf4bbf7ea866af37920ba6d0d67b8cd91517dbf
                                                                            • Instruction ID: eb3d3210237407a2ed893e5d6e4f7da28be923ec0eaa9d910351d9a6bb8c7359
                                                                            • Opcode Fuzzy Hash: 8d1aaa930399dfbd2cad329addf4bbf7ea866af37920ba6d0d67b8cd91517dbf
                                                                            • Instruction Fuzzy Hash: 31113C3AD01219FFEB11DFA8CD85FADBBB8EB04750F200491EA10B7290D6716E50DB94
                                                                            APIs
                                                                            • GetCurrentThreadId.KERNEL32 ref: 00B5E1FD
                                                                            • MessageBoxW.USER32(?,?,?,?), ref: 00B5E230
                                                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00B5E246
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00B5E24D
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                            • String ID:
                                                                            • API String ID: 2880819207-0
                                                                            • Opcode ID: ef9a9d020dff58cc859b96a3724fa48dfad4de5ffd0055a18d7a02b3ed18e321
                                                                            • Instruction ID: e0222fea35821567db7236cb6d435c65a64834d30f4f724a080a7f6814f52d87
                                                                            • Opcode Fuzzy Hash: ef9a9d020dff58cc859b96a3724fa48dfad4de5ffd0055a18d7a02b3ed18e321
                                                                            • Instruction Fuzzy Hash: FE11A5B6904254BBC7059FA8EC49E9A7FACDB86315F044695F934E3291DAB1CA0487A0
                                                                            APIs
                                                                            • CreateThread.KERNEL32(00000000,?,00B1CFF9,00000000,00000004,00000000), ref: 00B1D218
                                                                            • GetLastError.KERNEL32 ref: 00B1D224
                                                                            • __dosmaperr.LIBCMT ref: 00B1D22B
                                                                            • ResumeThread.KERNEL32(00000000), ref: 00B1D249
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                            • String ID:
                                                                            • API String ID: 173952441-0
                                                                            • Opcode ID: c70731c1db90ae29207914230e7af526160b5491490773ccab18e6fe71ab37ee
                                                                            • Instruction ID: 29fac23eada6e020966dfe3efbcce7b5ab6d94475e2735f66eb753e86b4d2a3d
                                                                            • Opcode Fuzzy Hash: c70731c1db90ae29207914230e7af526160b5491490773ccab18e6fe71ab37ee
                                                                            • Instruction Fuzzy Hash: 5601D276905204BBCB116BA5DC09BEA7FE9DF81330F600299F925921E0DF718981C7E0
                                                                            APIs
                                                                              • Part of subcall function 00B09BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00B09BB2
                                                                            • GetClientRect.USER32(?,?), ref: 00B89F31
                                                                            • GetCursorPos.USER32(?), ref: 00B89F3B
                                                                            • ScreenToClient.USER32(?,?), ref: 00B89F46
                                                                            • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00B89F7A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Client$CursorLongProcRectScreenWindow
                                                                            • String ID:
                                                                            • API String ID: 4127811313-0
                                                                            • Opcode ID: 503eba4580f3e8ec9726d56c28c7c2bf2f711a0e49ab31957528676ecfd49be0
                                                                            • Instruction ID: da6d0f32c3fedab0a2086e4d3cc3b68966812bee7cd5c64dec886e6feee71bf8
                                                                            • Opcode Fuzzy Hash: 503eba4580f3e8ec9726d56c28c7c2bf2f711a0e49ab31957528676ecfd49be0
                                                                            • Instruction Fuzzy Hash: F011187290011AABDF15EFA8D885DFE7BB9FB45311F140495FA12E3161D730BA81CBA1
                                                                            APIs
                                                                            • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00AF604C
                                                                            • GetStockObject.GDI32(00000011), ref: 00AF6060
                                                                            • SendMessageW.USER32(00000000,00000030,00000000), ref: 00AF606A
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CreateMessageObjectSendStockWindow
                                                                            • String ID:
                                                                            • API String ID: 3970641297-0
                                                                            • Opcode ID: 537efc82d617e6a55f6bac48f0aad0669840e011f733addb1f89d8cad6290024
                                                                            • Instruction ID: b204392c70c13f88257c3dc6c5ddb4066939aefebb2b0a9de809803e5d97b0ca
                                                                            • Opcode Fuzzy Hash: 537efc82d617e6a55f6bac48f0aad0669840e011f733addb1f89d8cad6290024
                                                                            • Instruction Fuzzy Hash: 47115BB250150DBFEF125FA49C44EFABF79EF093A5F144215FA1552120DB329C60DBA0
                                                                            APIs
                                                                            • ___BuildCatchObject.LIBVCRUNTIME ref: 00B13B56
                                                                              • Part of subcall function 00B13AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00B13AD2
                                                                              • Part of subcall function 00B13AA3: ___AdjustPointer.LIBCMT ref: 00B13AED
                                                                            • _UnwindNestedFrames.LIBCMT ref: 00B13B6B
                                                                            • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00B13B7C
                                                                            • CallCatchBlock.LIBVCRUNTIME ref: 00B13BA4
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                            • String ID:
                                                                            • API String ID: 737400349-0
                                                                            • Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                            • Instruction ID: 9b15e76aef7e79ad926ea9e8a32a9cab133742fbd85da131bb29400dcaf5e741
                                                                            • Opcode Fuzzy Hash: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
                                                                            • Instruction Fuzzy Hash: CB014C72100148BBDF125E95CC46EEB7FEDEF49B54F444094FE4856121E732E9A1DBA0
                                                                            APIs
                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00AF13C6,00000000,00000000,?,00B2301A,00AF13C6,00000000,00000000,00000000,?,00B2328B,00000006,FlsSetValue), ref: 00B230A5
                                                                            • GetLastError.KERNEL32(?,00B2301A,00AF13C6,00000000,00000000,00000000,?,00B2328B,00000006,FlsSetValue,00B92290,FlsSetValue,00000000,00000364,?,00B22E46), ref: 00B230B1
                                                                            • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00B2301A,00AF13C6,00000000,00000000,00000000,?,00B2328B,00000006,FlsSetValue,00B92290,FlsSetValue,00000000), ref: 00B230BF
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: LibraryLoad$ErrorLast
                                                                            • String ID:
                                                                            • API String ID: 3177248105-0
                                                                            • Opcode ID: f20d5053da2261c7c3e143cd989b71b31f045bad544b8f258e0eb8ddb84cdd1b
                                                                            • Instruction ID: 775187b83ed9e7a06f175b802d4d642e890da246d006f936470f4daa1e9b9fa7
                                                                            • Opcode Fuzzy Hash: f20d5053da2261c7c3e143cd989b71b31f045bad544b8f258e0eb8ddb84cdd1b
                                                                            • Instruction Fuzzy Hash: A201D472701236ABCB214A78BC84B577BD8EF05F61B200660F909E7190CB35D902C7F0
                                                                            APIs
                                                                            • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00B5747F
                                                                            • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00B57497
                                                                            • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00B574AC
                                                                            • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00B574CA
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Type$Register$FileLoadModuleNameUser
                                                                            • String ID:
                                                                            • API String ID: 1352324309-0
                                                                            APIs
                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00B5ACD3,?,00008000), ref: 00B5B0C4
                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00B5ACD3,?,00008000), ref: 00B5B0E9
                                                                            • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00B5ACD3,?,00008000), ref: 00B5B0F3
                                                                            • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00B5ACD3,?,00008000), ref: 00B5B126
                                                                            Similarity
                                                                            • API ID: CounterPerformanceQuerySleep
                                                                            • String ID:
                                                                            • API String ID: 2875609808-0
                                                                            APIs
                                                                            • GetWindowRect.USER32(?,?), ref: 00B87E33
                                                                            • ScreenToClient.USER32(?,?), ref: 00B87E4B
                                                                            • ScreenToClient.USER32(?,?), ref: 00B87E6F
                                                                            • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00B87E8A
                                                                            Similarity
                                                                            • API ID: ClientRectScreen$InvalidateWindow
                                                                            • String ID:
                                                                            • API String ID: 357397906-0
                                                                            APIs
                                                                            • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00B52DC5
                                                                            • GetWindowThreadProcessId.USER32(?,00000000), ref: 00B52DD6
                                                                            • GetCurrentThreadId.KERNEL32 ref: 00B52DDD
                                                                            • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00B52DE4
                                                                            Similarity
                                                                            • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                            • String ID:
                                                                            • API String ID: 2710830443-0
                                                                            APIs
                                                                              • Part of subcall function 00B09639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00B09693
                                                                              • Part of subcall function 00B09639: SelectObject.GDI32(?,00000000), ref: 00B096A2
                                                                              • Part of subcall function 00B09639: BeginPath.GDI32(?), ref: 00B096B9
                                                                              • Part of subcall function 00B09639: SelectObject.GDI32(?,00000000), ref: 00B096E2
                                                                            • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00B88887
                                                                            • LineTo.GDI32(?,?,?), ref: 00B88894
                                                                            • EndPath.GDI32(?), ref: 00B888A4
                                                                            • StrokePath.GDI32(?), ref: 00B888B2
                                                                            Similarity
                                                                            • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                            • String ID:
                                                                            • API String ID: 1539411459-0
                                                                            APIs
                                                                            • GetSysColor.USER32(00000008), ref: 00B098CC
                                                                            • SetTextColor.GDI32(?,?), ref: 00B098D6
                                                                            • SetBkMode.GDI32(?,00000001), ref: 00B098E9
                                                                            • GetStockObject.GDI32(00000005), ref: 00B098F1
                                                                            Similarity
                                                                            • API ID: Color$ModeObjectStockText
                                                                            • String ID:
                                                                            • API String ID: 4037423528-0
                                                                            APIs
                                                                            • GetCurrentThread.KERNEL32 ref: 00B51634
                                                                            • OpenThreadToken.ADVAPI32(00000000,?,?,?,00B511D9), ref: 00B5163B
                                                                            • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00B511D9), ref: 00B51648
                                                                            • OpenProcessToken.ADVAPI32(00000000,?,?,?,00B511D9), ref: 00B5164F
                                                                            Similarity
                                                                            • API ID: CurrentOpenProcessThreadToken
                                                                            • String ID:
                                                                            • API String ID: 3974789173-0
                                                                            APIs
                                                                            • GetDesktopWindow.USER32 ref: 00B4D858
                                                                            • GetDC.USER32(00000000), ref: 00B4D862
                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00B4D882
                                                                            • ReleaseDC.USER32(?), ref: 00B4D8A3
                                                                            Similarity
                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                            • String ID:
                                                                            • API String ID: 2889604237-0
                                                                            APIs
                                                                            • GetDesktopWindow.USER32 ref: 00B4D86C
                                                                            • GetDC.USER32(00000000), ref: 00B4D876
                                                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00B4D882
                                                                            • ReleaseDC.USER32(?), ref: 00B4D8A3
                                                                            Similarity
                                                                            • API ID: CapsDesktopDeviceReleaseWindow
                                                                            • String ID:
                                                                            • API String ID: 2889604237-0
                                                                            APIs
                                                                              • Part of subcall function 00AF7620: _wcslen.LIBCMT ref: 00AF7625
                                                                            • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00B64ED4
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Connection_wcslen
                                                                            • String ID: *$LPT
                                                                            • API String ID: 1725874428-3443410124
                                                                            APIs
                                                                            • __startOneArgErrorHandling.LIBCMT ref: 00B1E30D
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: ErrorHandling__start
                                                                            • String ID: pow
                                                                            • API String ID: 3213639722-2276729525
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: #
                                                                            • API String ID: 0-1885708031
                                                                            • Opcode ID: 8e161233b15c3f29a6d9f8867638bec563f7eac185d375200be4d4f4ce32e4e0
                                                                            • Instruction ID: 4994f076facf999becfc21bd2c8fb41951eb495e4c44235c7831c2ba491d82a0
                                                                            • Opcode Fuzzy Hash: 8e161233b15c3f29a6d9f8867638bec563f7eac185d375200be4d4f4ce32e4e0
                                                                            • Instruction Fuzzy Hash: 8351017550024ADFDF15DF68C481ABA7BE4FF55320F244495F8A1AB2D0DA34DE42DBA0
                                                                            APIs
                                                                            • Sleep.KERNEL32(00000000), ref: 00B0F2A2
                                                                            • GlobalMemoryStatusEx.KERNEL32(?), ref: 00B0F2BB
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: GlobalMemorySleepStatus
                                                                            • String ID: @
                                                                            • API String ID: 2783356886-2766056989
                                                                            • Opcode ID: 714acbd3b731d345839f0b6f8e168a8ed5c6122bdbac35127ecee9a40e68e13d
                                                                            • Instruction ID: a6aed681150fc31c54e16cb548dc47c3434d4b90ff4887bdc9c8b8abd4bf404d
                                                                            • Opcode Fuzzy Hash: 714acbd3b731d345839f0b6f8e168a8ed5c6122bdbac35127ecee9a40e68e13d
                                                                            • Instruction Fuzzy Hash: 035159714087499BD320AF55D986BBFBBF8FF85310F81484CF29941195EF708929CB66
                                                                            APIs
                                                                            • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00B757E0
                                                                            • _wcslen.LIBCMT ref: 00B757EC
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: BuffCharUpper_wcslen
                                                                            • String ID: CALLARGARRAY
                                                                            • API String ID: 157775604-1150593374
                                                                            • Opcode ID: 6a6730d0759d8a8762aff34ea6d5962c15b670277a336cf387fe0c97d3bdc9bf
                                                                            • Instruction ID: 73992ed4f37c8f1786f44990298bb2a8e93997a58ab20bad361f382e1a42b62b
                                                                            • Opcode Fuzzy Hash: 6a6730d0759d8a8762aff34ea6d5962c15b670277a336cf387fe0c97d3bdc9bf
                                                                            • Instruction Fuzzy Hash: 3A418171E001099FCB14DFA9C8819BEBBF5FF59350F1480A9E519A7291E7709D81CBA1
                                                                            APIs
                                                                            • _wcslen.LIBCMT ref: 00B6D130
                                                                            • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00B6D13A
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: CrackInternet_wcslen
                                                                            • String ID: |
                                                                            • API String ID: 596671847-2343686810
                                                                            • Opcode ID: 97a0f0d02c10b7272419c45c90498aa7e0e091568a9506a5950266104fbf2f8d
                                                                            • Instruction ID: 3ec5e2252bef17e035c11158e7162992146e1f2707dfc05125b73d665a651d09
                                                                            • Opcode Fuzzy Hash: 97a0f0d02c10b7272419c45c90498aa7e0e091568a9506a5950266104fbf2f8d
                                                                            • Instruction Fuzzy Hash: 21312A71D00209ABCF15EFE5CD85AEEBFB9FF05340F000059F919A6162EB75AA56CB60
                                                                            APIs
                                                                            • DestroyWindow.USER32(?,?,?,?), ref: 00B83621
                                                                            • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00B8365C
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$DestroyMove
                                                                            • String ID: static
                                                                            • API String ID: 2139405536-2160076837
                                                                            • Opcode ID: 4deb1009d292ac904afa8243ac1740712250038c6202cd8d47df0a009641f304
                                                                            • Instruction ID: f69c4129b02ebee65a872ce6997b227f1c531fc015e7b6bf1fdd69e321dfbb6f
                                                                            • Opcode Fuzzy Hash: 4deb1009d292ac904afa8243ac1740712250038c6202cd8d47df0a009641f304
                                                                            • Instruction Fuzzy Hash: 1C319071110604AEDB10EF68DC80EFB77E9FF58B20F108619F9A5972A0DA30AD91C760
                                                                            APIs
                                                                            • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00B8461F
                                                                            • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00B84634
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID: '
                                                                            • API String ID: 3850602802-1997036262
                                                                            • Opcode ID: 03b5e217e6913beaf789a961c28dda118ae2750550c6f5cbe7a31b7554d8fb2a
                                                                            • Instruction ID: 55e50a916155a21680b263c59b02087247da05ebcbad5ca4d5699244f4d93e2d
                                                                            • Opcode Fuzzy Hash: 03b5e217e6913beaf789a961c28dda118ae2750550c6f5cbe7a31b7554d8fb2a
                                                                            • Instruction Fuzzy Hash: 133115B4A0020A9FDF14DFA9C980ADA7BF5FF19300F1044AAE904AB361E770A941CF90
                                                                            APIs
                                                                            • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00B8327C
                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00B83287
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID: Combobox
                                                                            • API String ID: 3850602802-2096851135
                                                                            • Opcode ID: e901cd2b070d2325eaed2741385f5752a8bb03031370996673b344632775c84a
                                                                            • Instruction ID: 7a25fdd9f9ab137ea79278b62bdbed32839f93985d9ad8da99f8b0aeccbdd578
                                                                            • Opcode Fuzzy Hash: e901cd2b070d2325eaed2741385f5752a8bb03031370996673b344632775c84a
                                                                            • Instruction Fuzzy Hash: 6911B2713002097FEF21AE94DC84EBB3BEAEB98B64F104164F918A72A1DA71DD51C760
                                                                            APIs
                                                                              • Part of subcall function 00AF600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00AF604C
                                                                              • Part of subcall function 00AF600E: GetStockObject.GDI32(00000011), ref: 00AF6060
                                                                              • Part of subcall function 00AF600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00AF606A
                                                                            • GetWindowRect.USER32(00000000,?), ref: 00B8377A
                                                                            • GetSysColor.USER32(00000012), ref: 00B83794
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                            • String ID: static
                                                                            • API String ID: 1983116058-2160076837
                                                                            • Opcode ID: 8e9651142dce00c47d69750f28db516c6eed4042e9a40bedeb9d8cf6296b925c
                                                                            • Instruction ID: af82f4475a0b83a40cab77bdc28ee3a4d6e1fddca32b33e3c82f06ff99372836
                                                                            • Opcode Fuzzy Hash: 8e9651142dce00c47d69750f28db516c6eed4042e9a40bedeb9d8cf6296b925c
                                                                            • Instruction Fuzzy Hash: 7D1129B6610209AFDF00EFA8CC46EEA7BF8EB08714F004955F955E3260EB35E851DB60
                                                                            APIs
                                                                            • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00B6CD7D
                                                                            • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00B6CDA6
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: Internet$OpenOption
                                                                            • String ID: <local>
                                                                            • API String ID: 942729171-4266983199
                                                                            • Opcode ID: 6a59101f68c8bf6295007784b7543c033fad364a86649658383fdb5cbecd84b5
                                                                            • Instruction ID: 76bd4fb5644af5a3ba1578e1a3aa54b229b8b85e3360c1e7c58a0e1a9ab4bba8
                                                                            • Opcode Fuzzy Hash: 6a59101f68c8bf6295007784b7543c033fad364a86649658383fdb5cbecd84b5
                                                                            • Instruction Fuzzy Hash: 9E11C6752056317AD7345B668C85EF7BEECEF127A4F1042B6B19983090D7789C44D6F0
                                                                            APIs
                                                                            • GetWindowTextLengthW.USER32(00000000), ref: 00B834AB
                                                                            • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00B834BA
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: LengthMessageSendTextWindow
                                                                            • String ID: edit
                                                                            • API String ID: 2978978980-2167791130
                                                                            • Opcode ID: 6067e9e89ec81200438698de573616e196b9d117f18ccac21277f62cdfe2045e
                                                                            • Instruction ID: 6216547185af5bec339fa937279a6b22f356ef0fadff8df834bac9ad1df67c25
                                                                            • Opcode Fuzzy Hash: 6067e9e89ec81200438698de573616e196b9d117f18ccac21277f62cdfe2045e
                                                                            • Instruction Fuzzy Hash: 8A119D71100108ABEB12AE64DC84ABA3BEAEF05B74F544764F961932F0C771DC91D760
                                                                            APIs
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                            • CharUpperBuffW.USER32(?,?,?), ref: 00B56CB6
                                                                            • _wcslen.LIBCMT ref: 00B56CC2
                                                                            Strings
                                                                            Similarity
                                                                            • API ID: _wcslen$BuffCharUpper
                                                                            • String ID: STOP
                                                                            • API String ID: 1256254125-2411985666
                                                                            • Opcode ID: b787d95732fb7cc1cb3537372b83ebab6f10bb474992f8f24ceb3300a1235f4a
                                                                            • Instruction ID: aa5f0932a1c183afa619c4c1f1cf19352928754739c3672eaaa6d15909a22a1c
                                                                            • Opcode Fuzzy Hash: b787d95732fb7cc1cb3537372b83ebab6f10bb474992f8f24ceb3300a1235f4a
                                                                            • Instruction Fuzzy Hash: FB01C432A0052A8BCB219FFDDC80ABF77F5EA6572179009F4EC5297190FB31D948C650
                                                                            APIs
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                              • Part of subcall function 00B53CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00B53CCA
                                                                            • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00B51D4C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 624084870-1403004172
                                                                            • Opcode ID: c95d2b3e72520499f1eaecf58e7678d701bca69aaaeae768cc1efc2882d84e89
                                                                            • Instruction ID: cad2b5aaa9c880aa06790b65322948e2f54d7f7c1bbf7ed7f66f05eb94e70f90
                                                                            • Opcode Fuzzy Hash: c95d2b3e72520499f1eaecf58e7678d701bca69aaaeae768cc1efc2882d84e89
                                                                            • Instruction Fuzzy Hash: 6E01B571601218AB8B14EFA4CD51BFF77F8EB46390B0409A9FC22673D1EA71590D8661
                                                                            APIs
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                              • Part of subcall function 00B53CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00B53CCA
                                                                            • SendMessageW.USER32(?,00000180,00000000,?), ref: 00B51C46
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 624084870-1403004172
                                                                            • Opcode ID: 3dc29c58053182f2a213944a256ff7ed2682cf4423db30d429426ee550760529
                                                                            • Instruction ID: d85b05c38e148be152c27040ac48d816c7eb81fffa3930986978e6bdc014268f
                                                                            • Opcode Fuzzy Hash: 3dc29c58053182f2a213944a256ff7ed2682cf4423db30d429426ee550760529
                                                                            • Instruction Fuzzy Hash: 8801A7756811086BCB14EBD4CA51BFF77E8DF11381F1404D9FD0667291EA619E0CC6B2
                                                                            APIs
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                              • Part of subcall function 00B53CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00B53CCA
                                                                            • SendMessageW.USER32(?,00000182,?,00000000), ref: 00B51CC8
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 624084870-1403004172
                                                                            • Opcode ID: be58b7efb496015f6b7572f90265d270d5ea638b7bd4034129d7fac973e6c3b6
                                                                            • Instruction ID: 4c0591a2b90ec2132fcb13bc36ddfcd0dbf6f61c1704d81475d2516701133cc6
                                                                            • Opcode Fuzzy Hash: be58b7efb496015f6b7572f90265d270d5ea638b7bd4034129d7fac973e6c3b6
                                                                            • Instruction Fuzzy Hash: AE01A2B16802186BDB14EBA5CB41BFF77E8DB11381F140495BD02B7281EA629F0DC6B2
                                                                            APIs
                                                                              • Part of subcall function 00AF9CB3: _wcslen.LIBCMT ref: 00AF9CBD
                                                                              • Part of subcall function 00B53CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00B53CCA
                                                                            • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00B51DD3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: ClassMessageNameSend_wcslen
                                                                            • String ID: ComboBox$ListBox
                                                                            • API String ID: 624084870-1403004172
                                                                            • Opcode ID: c047d81338f5214c6182756228c9659718826d04e44436995f43173651b71c2a
                                                                            • Instruction ID: 5fa00a933364d5a1057e66c3be757eee1c751d5abca714c98540aeec60e634c9
                                                                            • Opcode Fuzzy Hash: c047d81338f5214c6182756228c9659718826d04e44436995f43173651b71c2a
                                                                            • Instruction Fuzzy Hash: 32F0A971A412186BDB14EBE5CD91BFF77F8EB01791F040DA5FD22632D1DA70590C8261
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: _wcslen
                                                                            • String ID: 3, 3, 16, 1
                                                                            • API String ID: 176396367-3042988571
                                                                            • Opcode ID: 1ce600b5b5749a98808abab341f6bcb3cb2ce1c99818c9743b7a4d5176ea4b4b
                                                                            • Instruction ID: 63e25f6e7738522d8d949fe4cc0798732b3c5be98b685694039089e46b833631
                                                                            • Opcode Fuzzy Hash: 1ce600b5b5749a98808abab341f6bcb3cb2ce1c99818c9743b7a4d5176ea4b4b
                                                                            • Instruction Fuzzy Hash: 3DE02B02254220149231127A9CC19BF56C9DFC579075418ABF999C23B6EF948DD293A0
                                                                            APIs
                                                                            • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00B50B23
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Message
                                                                            • String ID: AutoIt$Error allocating memory.
                                                                            • API String ID: 2030045667-4017498283
                                                                            • Opcode ID: 8c09a4115191545397dc46c3e75fea90d78173bc7fecc78648c3b882ac1687b2
                                                                            • Instruction ID: b9e6ec9d1b9834e274a9b0031832547cfddd36e8f0531e54eaaf60b5cbff45b7
                                                                            • Opcode Fuzzy Hash: 8c09a4115191545397dc46c3e75fea90d78173bc7fecc78648c3b882ac1687b2
                                                                            • Instruction Fuzzy Hash: FDE0487234431926D22437947C43FD97EC4DF05B51F1004E6FB98555E38BE1649047F9
                                                                            APIs
                                                                              • Part of subcall function 00B0F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00B10D71,?,?,?,00AF100A), ref: 00B0F7CE
                                                                            • IsDebuggerPresent.KERNEL32(?,?,?,00AF100A), ref: 00B10D75
                                                                            • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00AF100A), ref: 00B10D84
                                                                            Strings
                                                                            • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00B10D7F
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                            • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                            • API String ID: 55579361-631824599
                                                                            • Opcode ID: 6d4bb3d9861707bdb7b166a27bd0a167cda772d0b144706f7870b1224bd3d718
                                                                            • Instruction ID: 7038be08ca3e321aa67ca69dcba63c076e8c2ef607eeac1d663d305b99497040
                                                                            • Opcode Fuzzy Hash: 6d4bb3d9861707bdb7b166a27bd0a167cda772d0b144706f7870b1224bd3d718
                                                                            • Instruction Fuzzy Hash: 6FE065702003418BD330AFBCE4047527FE0AB04745F4049BDE882C7665DBF4E484CBA1
                                                                            APIs
                                                                            • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00B6302F
                                                                            • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00B63044
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: Temp$FileNamePath
                                                                            • String ID: aut
                                                                            • API String ID: 3285503233-3010740371
                                                                            • Opcode ID: b0b95a7ef86248e61b9f6264c73d41566aa7e97d5b62198bd69cc8cb1a5ad05f
                                                                            • Instruction ID: f72643753fe3a53cff91ecba3b3760e7e719a127fc031da32365b092d2491906
                                                                            • Opcode Fuzzy Hash: b0b95a7ef86248e61b9f6264c73d41566aa7e97d5b62198bd69cc8cb1a5ad05f
                                                                            • Instruction Fuzzy Hash: 54D05EB250032867DA20ABA4AC0EFDB3F6CDB04750F0002A1B655E30E1DEF49984CBE0
                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: LocalTime
                                                                            • String ID: %.3d$X64
                                                                            • API String ID: 481472006-1077770165
                                                                            • Opcode ID: a607afe51560b79938432e77b86fcaca0c91145ea5ac21ee91e11f2c9367bcc6
                                                                            • Instruction ID: 0746a2c24bd4bb55ed70aa91123bcde94592fb32aae3c7173cd70a0d8f9aeb58
                                                                            • Opcode Fuzzy Hash: a607afe51560b79938432e77b86fcaca0c91145ea5ac21ee91e11f2c9367bcc6
                                                                            • Instruction Fuzzy Hash: B1D012B1808119EACB9097D0CCC99B9B7FCFB08301F5084D2F80692080E674C609BB61
                                                                            APIs
                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B8232C
                                                                            • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00B8233F
                                                                              • Part of subcall function 00B5E97B: Sleep.KERNEL32 ref: 00B5E9F3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            • Associated: 00000000.00000002.2087190331.0000000000AF0000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000B8C000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088226189.0000000000BB2000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088632795.0000000000BBC000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000000.00000002.2088814390.0000000000BC4000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_0_2_af0000_file.jbxd
                                                                            Similarity
                                                                            • API ID: FindMessagePostSleepWindow
                                                                            • String ID: Shell_TrayWnd
                                                                            • API String ID: 529655941-2988720461
                                                                            • Opcode ID: a3e4e276fd8cce0731defa85bd07de4d0412aeb5907e5bbe6067ff7039d9c38b
                                                                            • Instruction ID: c505e4f905b86fe55b59f1b1b7f34e50e8da46d7157f15a432d50a3bad6d0aae
                                                                            • Opcode Fuzzy Hash: a3e4e276fd8cce0731defa85bd07de4d0412aeb5907e5bbe6067ff7039d9c38b
                                                                            • Instruction Fuzzy Hash: 50D0A972380300B7E668A3309C0FFC66A44AB00B00F0009527A05AB0E0CDF0A805CB20
                                                                            APIs
                                                                            • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00B8236C
                                                                            • PostMessageW.USER32(00000000), ref: 00B82373
                                                                              • Part of subcall function 00B5E97B: Sleep.KERNEL32 ref: 00B5E9F3
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: FindMessagePostSleepWindow
                                                                            • String ID: Shell_TrayWnd
                                                                            • API String ID: 529655941-2988720461
                                                                            APIs
                                                                            • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00B2BE93
                                                                            • GetLastError.KERNEL32 ref: 00B2BEA1
                                                                            • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00B2BEFC
                                                                            Memory Dump Source
                                                                            • Source File: 00000000.00000002.2087480562.0000000000AF1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AF0000, based on PE: true
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWide$ErrorLast
                                                                            • String ID:
                                                                            • API String ID: 1717984340-0

                                                                            Execution Graph

                                                                            Execution Coverage:0.5%
                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                            Signature Coverage:100%
                                                                            Total number of Nodes:6
                                                                            Total number of Limit Nodes:0
                                                                            execution_graph 5010 27575404632 5011 27575404689 NtQuerySystemInformation 5010->5011 5012 27575402a04 5010->5012 5011->5012 5007 275752d26f7 5008 275752d2707 NtQuerySystemInformation 5007->5008 5009 275752d26a4 5008->5009

                                                                            Callgraph

                                                                            APIs
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000013.00000002.3334687419.0000027575402000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000027575402000, based on PE: false
                                                                            Similarity
                                                                            • API ID: InformationQuerySystem
                                                                            • String ID: #$#$#$4$>$>$>$A$z$z
                                                                            • API String ID: 3562636166-3072146587