Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1505556
MD5: 11bd4625b4c8f650d10bc4d758dc2f2d
SHA1: 07f5cf0a5dc7138c3d1d482e6b7fee6bc81915f8
SHA256: 7db1c1f1392f84b88a5100af4042abfd72ee3a7708c67155ad3c6082b7cbd6f4
Tags: exe

Detection

Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 6756 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 11BD4625B4C8F650D10BC4D758DC2F2D)
    • msedge.exe (PID: 5016 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
      • msedge.exe (PID: 1772 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=2036,i,11203481130552999649,2043710382605109733,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • firefox.exe (PID: 4228 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 6196 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 3176 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 7840 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2256 -parentBuildID 20230927232528 -prefsHandle 2188 -prefMapHandle 2180 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dec7774c-fda2-40d6-963f-1a0f505464f8} 3176 "\\.\pipe\gecko-crash-server-pipe.3176" 164e0c6db10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 8704 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4624 -parentBuildID 20230927232528 -prefsHandle 4612 -prefMapHandle 4608 -prefsLen 30974 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2838e6d-0a58-45e2-9f14-197d166c90c2} 3176 "\\.\pipe\gecko-crash-server-pipe.3176" 164fa9f8e10 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 9600 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5028 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5036 -prefMapHandle 5040 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdbcea3d-74cd-4886-9c0a-73c063685dc1} 3176 "\\.\pipe\gecko-crash-server-pipe.3176" 164fb965310 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • msedge.exe (PID: 7288 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7576 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:3 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8224 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6664 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7992 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6816 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 8588 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6564 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 7108 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7124 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 5844 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7828 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
    • msedge.exe (PID: 10232 cmdline: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6820 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8 MD5: 69222B8101B0601CC6663F8381E7E00F)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: file.exeReversingLabs: Detection: 26%
Source: file.exeVirustotal: Detection: 30%
Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.9% probability
Source: file.exeJoe Sandbox ML: detected
Source: file.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49730 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49744 version: TLS 1.2
Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49754 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49759 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.5:49769 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49788 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49790 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49803 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49802 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49808 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49809 version: TLS 1.2
Source: unknownHTTPS traffic detected: 18.65.39.112:443 -> 192.168.2.5:49811 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.5:49813 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49814 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49815 version: TLS 1.2
Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.5:49816 version: TLS 1.2
Source: unknownHTTPS traffic detected: 40.68.123.157:443 -> 192.168.2.5:49820 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49823 version: TLS 1.2
Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.5:49822 version: TLS 1.2
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.5.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.5.dr
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00D0DBBE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CDC2A2 FindFirstFileExW,0_2_00CDC2A2
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D168EE FindFirstFileW,FindClose,0_2_00D168EE
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D1698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00D1698F
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00D0D076
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D0D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00D0D3A9
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D19642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00D19642
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D1979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00D1979D
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D19B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00D19B2B
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D15C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00D15C97
Source: firefox.exeMemory has grown: Private usage: 1MB later: 195MB
Source: Joe Sandbox ViewIP Address: 13.107.246.40 13.107.246.40
Source: Joe Sandbox ViewIP Address: 23.55.235.170 23.55.235.170
Source: Joe Sandbox ViewIP Address: 152.195.19.97 152.195.19.97
Source: Joe Sandbox ViewJA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknownTCP traffic detected without corresponding DNS query: 152.195.19.97
Source: unknownTCP traffic detected without corresponding DNS query: 142.250.176.206
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.40
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00D1CE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_00D1CE44
Source: global trafficHTTP traffic detected: GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1Host: api.edgeoffer.microsoft.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global trafficHTTP traffic detected: GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726228447&P2=404&P3=2&P4=Wih3FgHU7MIPqDKf9yfZBSinj42Gqb22Py28OWaIgShg0kydjgE6EzbquqoYCLN99wIbLxFjCJ2AKDxWJRC83w%3d%3d HTTP/1.1Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.comConnection: keep-aliveMS-CV: 6gVNYBuMaylzu4kWEdmN22Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=713924867&timestamp=1725623650303 HTTP/1.1Host: accounts.youtube.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-wow64: ?0sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ShorelineSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: EntityExtractionDomainsConfigSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 0Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-wow64: ?0sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://accounts.google.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1Host: edgeassetservice.azureedge.netConnection: keep-aliveEdge-Asset-Group: ProductCategoriesSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
Source: global trafficHTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=g+bxnzvDf8MUwhx&MD=f5ZWrhTL HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=g+bxnzvDf8MUwhx&MD=f5ZWrhTL HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
Source: firefox.exe, 00000005.00000003.2432898544.00000164F0D61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.facebook.com/", equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2432898544.00000164F0D61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "url": "https://www.youtube.com/", equals www.youtube.com (Youtube)
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: "url": "https://www.youtube.com" equals www.youtube.com (Youtube)
Source: 000003.log8.8.drString found in binary or memory: "www.facebook.com": "{\"Tier1\": [1103, 6061], \"Tier2\": [5445, 1780, 8220]}", equals www.facebook.com (Facebook)
Source: 000003.log8.8.drString found in binary or memory: "www.linkedin.com": "{\"Tier1\": [1103, 214, 6061], \"Tier2\": [2771, 9515, 1780, 1303, 1099, 6081, 5581, 9396]}", equals www.linkedin.com (Linkedin)
Source: 000003.log8.8.drString found in binary or memory: "www.youtube.com": "{\"Tier1\": [983, 6061, 1103], \"Tier2\": [2413, 8118, 1720, 5007]}", equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2431475498.00000164F12A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2431475498.00000164F12A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2270236616.00000164FBC5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2275432566.00000164F904D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2197990252.00000164F904E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2287898371.00000164FB64A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2428769622.00000164F20A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2431475498.00000164F12A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2428769622.00000164F20F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2431475498.00000164F12A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2363546749.00000164FB537000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2363546749.00000164FB537000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://vk.com/,https://www.youtube.com/,https://ok.ru/,https://www.avito.ru/,https://www.aliexpress.com/,https://www.wikipedia.org/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2270236616.00000164FBC5D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2275432566.00000164F904D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2197990252.00000164F904E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2287898371.00000164FB64A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://allegro.pl/,https://www.wikipedia.org/,https://www.olx.pl/,https://www.wykop.pl/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.amazon.de/,https://www.ebay.de/,https://www.wikipedia.org/,https://www.reddit.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.amazon.co.uk/,https://www.bbc.co.uk/,https://www.ebay.co.uk/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.reddit.com/,https://www.wikipedia.org/,https://www.amazon.ca/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.twitter.com (Twitter)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.amazon.fr/,https://www.leboncoin.fr/,https://twitter.com/L equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2363859559.00000164FAF1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3361246573.0000025F2DE03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2363859559.00000164FAF1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3361246573.0000025F2DE03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2363859559.00000164FAF1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3361246573.0000025F2DE03000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2429584157.00000164F1CA2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: moz-extension://bfdd6cf3-6cd6-4fa2-bc72-2c3d2e7d20f8/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2343087966.00000164FB5AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2428769622.00000164F20A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2270859721.00000164FB5AF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
Source: firefox.exe, 00000005.00000003.2343087966.00000164FB5AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2270859721.00000164FB5AF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2431475498.00000164F12A6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
Source: firefox.exe, 00000005.00000003.2428769622.00000164F20A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2428769622.00000164F205F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
Source: unknown
HTTP traffic detected: POST /dns-query HTTP/1.1
  Host: chrome.cloudflare-dns.com
  Connection: keep-alive
  Content-Length: 128
  Accept: application/dns-message
  Accept-Language: *
  User-Agent: Chrome
  Accept-Encoding: identity
  Content-Type: application/dns-message
Source: global traffic
HTTP traffic detected: HTTP/1.1 403 Forbidden
  Content-Length: 2342
  Content-Type: text/html
  Date: Fri, 06 Sep 2024 11:55:07 GMT
  Connection: close
  PMUSER_FORMAT_QS:
  X-CDN-TraceId: 0.65a13617.1725623707.22a61c58
  Access-Control-Allow-Credentials: false
  Access-Control-Allow-Methods: *
  Access-Control-Allow-Methods: GET, OPTIONS, POST
  Access-Control-Allow-Origin: *
Source: firefox.exe, 00000005.00000003.2193899475.00000164FB13C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
Source: firefox.exe, 00000005.00000003.2435573842.00000164ED3B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3363234782.0000020F7A5C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3361246573.0000025F2DEF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3366207301.00000157DFB03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: firefox.exe, 00000005.00000003.2435573842.00000164ED3B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3363234782.0000020F7A5C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3361246573.0000025F2DEF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3366207301.00000157DFB03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: firefox.exe, 00000005.00000003.2197990252.00000164F904E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com
Source: firefox.exe, 00000005.00000003.2197990252.00000164F904E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
Source: firefox.exe, 00000005.00000003.2197990252.00000164F904E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2196551883.00000164F905F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2213739341.00000164FB1C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2274480574.00000164F9059000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2193899475.00000164FB1C6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
Source: firefox.exe, 00000005.00000003.2421633292.00000164FB61E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
Source: firefox.exe, 00000005.00000003.2421633292.00000164FB61E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
Source: firefox.exe, 00000005.00000003.2421633292.00000164FB61E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCaptureWebExtensionUncheckedLastErr
Source: firefox.exe, 00000005.00000003.2421633292.00000164FB61E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarning
Source: firefox.exe, 00000005.00000003.2421633292.00000164FB61E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
Source: firefox.exe, 00000005.00000003.2421633292.00000164FB61E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnoredA
Source: firefox.exe, 00000005.00000003.2257505791.00000164F1EE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2289869173.00000164F1EE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2220298509.00000164F1EEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
Source: firefox.exe, 00000005.00000003.2147555016.00000164F156B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2236212134.00000164F28BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2147662079.00000164F1583000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2269813420.00000164FC017000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2147136660.00000164F151C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2255366157.00000164F28BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2146999359.00000164F1200000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2147405926.00000164F1550000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2430255292.00000164F1C80000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2147270732.00000164F1536000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
Source: firefox.exe, 00000005.00000003.2274480574.00000164F9059000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
Source: firefox.exe, 00000005.00000003.2239884076.00000164F147D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2432062451.00000164F0DCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2158528206.00000164F147D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
Source: firefox.exe, 00000005.00000003.2432213871.00000164F0DBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
Source: firefox.exe, 00000005.00000003.2432213871.00000164F0DBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_163_music.png/1.0.3/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_dark.png/1.7.32/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_hc.png/1.7.32/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_M365_light.png/1.7.32/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_hc.png/1.2.1/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_dark.png/1.2.1/ass
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/as
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_amazon_music_light.png/1.4.13/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_apple_music.png/1.4.12/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.1.17/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_dark.png/1.6.8/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.1.17/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_active_light.png/1.6.8/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.1.17/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_chatB_hc.png/1.6.8/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_deezer.png/1.4.12/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_color.png/1.0.14/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_designer_hc.png/1.0.14/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_hc.png/1.1.12/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_dark.png/1.1.12/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_hc.png/1.2.0/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_dark.png/1.2.0/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_etree_maximal_light.png/1.2.0/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_excel.png/1.7.32/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_facebook_messenger.png/1.5.14/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gaana.png/1.0.3/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc.png/1.7.1/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_controller.png/1.7.1/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_hc_joystick.png/1.7.1/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark.png/1.7.1/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_controller.png/1.7.1/
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_dark_joystick.png/1.7.1/as
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_controller.png/1.7.1
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_games_maximal_light_joystick.png/1.7.1/a
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_gmail.png/1.5.4/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_hc.png/0.1.3/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_dark.png/0.1.3/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_history_maximal_light.png/0.1.3/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_iHeart.png/1.0.3/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_hc.png/1.0.14/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_dark.png/1.0.14/as
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_image_creator_maximal_light.png/1.0.14/a
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_instagram.png/1.4.13/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_ku_gou.png/1.0.3/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_last.png/1.0.3/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_naver_vibe.png/1.0.3/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_dark.png/1.4.9/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_hc.png/1.4.9/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_onenote_light.png/1.4.9/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_dark.png/1.9.10/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_hc.png/1.9.10/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_outlook_light.png/1.9.10/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_performance_maximal_dark.png/1.1.0/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_power_point.png/1.7.32/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_qq.png/1.0.3/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_dark.png/1.1.12/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_hc.png/1.1.12/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_refresh_light.png/1.1.12/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_hc.png/1.3.6/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_dark.png/1.3.6/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.1.12/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.4.0/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_dark.png/1.5.13/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.1.12/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.4.0/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_hc.png/1.5.13/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.1.12/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.4.0/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_settings_light.png/1.5.13/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_hc.png/1.4.0/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_dark.png/1.4.0/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_dark.png/1.3.20/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_hc.png/1.3.20/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_skype_light.png/1.3.20/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_sound_cloud.png/1.0.3/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_spotify.png/1.4.12/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_dark.png/1.2.19/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_hc.png/1.2.19/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_teams_light.png/1.2.19/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_telegram.png/1.0.4/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_tidal.png/1.0.3/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_hc.png/1.5.13/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_dark.png/1.5.13/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.dr, HubApps Icons.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_twitter_light.png/1.0.9/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_vk.png/1.0.3/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_whatsapp_light.png/1.4.11/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_word.png/1.7.32/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_yandex_music.png/1.0.10/asset
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://edgeassetservice.azureedge.net/assets/edge_hub_apps_youtube.png/1.4.14/asset
Source: firefox.exe, 00000005.00000003.2239884076.00000164F147D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2432062451.00000164F0DCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2158528206.00000164F147D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://excel.new?from=EdgeM365Shoreline
Source: firefox.exe, 00000005.00000003.2421633292.00000164FB61E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/SelectOptionsLengthAssignmentW
Source: firefox.exe, 00000005.00000003.2272904548.00000164FB186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2213739341.00000164FB18D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2306891248.00000164FB18C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2363859559.00000164FAF1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2288226103.00000164FB186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2193899475.00000164FB18D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3361246573.0000025F2DE12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3361723718.00000157DF813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
Source: firefox.exe, 00000005.00000003.2180966931.00000164FBA83000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2180634661.00000164FBAFA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2175956303.00000164FBA82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
Source: firefox.exe, 00000005.00000003.2401860976.00000164F222A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/performance/scroll-linked_effects.html
Source: firefox.exe, 00000005.00000003.2363859559.00000164FAF1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/fullHashes:find?$ct=application/x-protobuf&key=AIzaSyC7jsptDS
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatHits?$ct=application/x-protobuf&key=%GOOGLE_SAFEBROWSIN
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=%GOOGL
Source: firefox.exe, 00000005.00000003.2363859559.00000164FAF1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://safebrowsing.googleapis.com/v4/threatListUpdates:fetch?$ct=application/x-protobuf&key=AIzaSy
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://sb-ssl.google.com/safebrowsing/clientreport/download?key=%GOOGLE_SAFEBROWSING_API_KEY%
Source: firefox.exe, 00000005.00000003.2434693383.00000164EDFAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2434247615.00000164EF599000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
Source: firefox.exe, 00000005.00000003.2147270732.00000164F1536000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com/
Source: firefox.exe, 00000005.00000003.2257505791.00000164F1EE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2289869173.00000164F1EE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2220298509.00000164F1EEB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/abuse/report/addon/
Source: firefox.exe, 00000005.00000003.2431825154.00000164F1110000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/addon/
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/language-tools/?app=firefox&type=language&appversi
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v4/discovery/?lang=%LOCALE%&edition=%DISTRIBUTION%
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER%
Source: firefox.exe, 00000005.00000003.2270538231.00000164FB6C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com
Source: firefox.exe, 00000005.00000003.2270002652.00000164FBCAB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000005.00000003.2342968043.00000164FB64B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/downloads?client=navclient-auto-ffox&appver=118.0&pver=2.2
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://shavar.services.mozilla.com/gethash?client=SAFEBROWSING_ID&appver=%MAJOR_VERSION%&pver=2.2
Source: firefox.exe, 00000005.00000003.2215149833.00000164F2A50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2367251218.00000164F2A4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/facebook.svg
Source: firefox.exe, 00000005.00000003.2215149833.00000164F2A50000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2367251218.00000164F2A4E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://smartblock.firefox.etp/play.svg
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://snippets.cdn.mozilla.net/%STARTPAGE_VERSION%/%NAME%/%VERSION%/%APPBUILDID%/%BUILD_TARGET%/%L
Source: firefox.exe, 00000005.00000003.2270859721.00000164FB5BD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2308287274.00000164F8FA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2344253545.00000164F8FA5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2276699412.00000164F8FA5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com
Source: firefox.exe, 00000005.00000003.2343198598.00000164FB564000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2363859559.00000164FAF1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2288226103.00000164FB186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2193899475.00000164FB18D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3361246573.0000025F2DE12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3361723718.00000157DF813000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/
Source: firefox.exe, 00000005.00000003.2343198598.00000164FB564000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2196551883.00000164F905F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2274480574.00000164F9059000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2198187474.00000164F2AD8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/spocs
Source: firefox.exe, 00000005.00000003.2272904548.00000164FB186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2213739341.00000164FB18D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2306891248.00000164FB18C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2363859559.00000164FAF1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2288226103.00000164FB186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2193899475.00000164FB18D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3361246573.0000025F2DEF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3361723718.00000157DF8F6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user
Source: firefox.exe, 00000010.00000002.3361246573.0000025F2DEF1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://spocs.getpocket.com/user5&
Source: firefox.exe, 00000005.00000003.2428769622.00000164F20A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-js
Source: firefox.exe, 00000005.00000003.2428769622.00000164F20A9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2428769622.00000164F205F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.adsafeprotected.com/firefox-etp-pixel
Source: firefox.exe, 00000005.00000003.2433769236.00000164EF5CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2215149833.00000164F2A7F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2434247615.00000164EF599000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
Source: firefox.exe, 00000005.00000003.2269813420.00000164FC017000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
Source: firefox.exe, 00000005.00000003.2430255292.00000164F1C93000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
Source: firefox.exe, 00000005.00000003.2366397907.00000164F2F60000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2422415240.00000164F2F63000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2311234914.00000164F2F5D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
Source: firefox.exe, 00000005.00000003.2215149833.00000164F2A8E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2311073917.00000164F2FAD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2435573842.00000164ED3B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2366435532.00000164F2F46000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2401607228.00000164F22BE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
Source: firefox.exe, 00000005.00000003.2367954411.00000164FBC9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: firefox.exe, 00000005.00000003.2421633292.00000164FB61E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFoundT
Source: firefox.exe, 00000005.00000003.2421633292.00000164FB61E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeededTo
Source: firefox.exe, 00000005.00000003.2239097268.00000164F3CB9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings
Source: firefox.exe, 00000005.00000003.2345320769.00000164F8DAE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
Source: firefox.exe, 00000005.00000003.2367954411.00000164FBC9C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://tidal.com/
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
Source: firefox.exe, 00000005.00000003.2421633292.00000164FB61E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
Source: firefox.exe, 00000005.00000003.2421633292.00000164FB61E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
Source: firefox.exe, 00000005.00000003.2421633292.00000164FB61E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
Source: firefox.exe, 00000005.00000003.2421633292.00000164FB61E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
Source: firefox.exe, 00000005.00000003.2433769236.00000164EF5CC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2434247615.00000164EF599000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
Source: firefox.exe, 00000005.00000003.2270859721.00000164FB5BD000.00000004.00000800.00020000.00000000.sdmp, 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://twitter.com/
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://vibe.naver.com/today
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://vk.com/
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
Source: firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
Source: firefox.exe, 00000005.00000003.2272904548.00000164FB186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2288226103.00000164FB186000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://watch.sling.com/
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://web.skype.com/?browsername=edge_canary_shoreline
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://web.skype.com/?browsername=edge_stable_shoreline
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://web.telegram.org/
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://web.whatsapp.com
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
Source: firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
Source: firefox.exe, 00000005.00000003.2272904548.00000164FB186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2213739341.00000164FB18D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2306891248.00000164FB18C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2288226103.00000164FB186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2193899475.00000164FB18D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://webpack.js.org/concepts/mode/)
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2418981031.00000164F8F1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278181894.00000164F48B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2345395719.00000164F48B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
Source: 96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drString found in binary or memory: https://word.new?from=EdgeM365Shoreline
Source: firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
Source: firefox.exe, 00000005.00000003.2278181894.00000164F48B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2345395719.00000164F48B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
Source: firefox.exe, 00000005.00000003.2197990252.00000164F904E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
Source: firefox.exe, 00000005.00000003.2435573842.00000164ED3B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3363234782.0000020F7A5C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3361246573.0000025F2DEF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3366207301.00000157DFB03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D1EAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D1ED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0AA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D39576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW

System Summary

Source: file.exe String found in binary or memory: This is a third-party compiled AutoIt script.
Source: file.exe, 00000000.00000000.2094896717.0000000000D62000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_673ee8a4-3
Source: file.exe, 00000000.00000000.2094896717.0000000000D62000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_7ffa1e33-9
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000025F2E4321F2 NtQuerySystemInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000025F2E4390F7 NtQuerySystemInformation
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0D5EB: CreateFileW,DeviceIoControl,CloseHandle
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D01201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0E8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00CBF9F2 appears 40 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00CA9CB3 appears 31 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00CC0A30 appears 46 times
Source: file.exe, 00000000.00000003.2099869072.00000000012FF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs file.exe
Source: file.exe, 00000000.00000002.2101088076.00000000012FF000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs file.exe
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: classification engine Classification label: mal64.evad.winEXE@74/294@58/27
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D137B5 GetLastError,FormatMessageW
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D010BF AdjustTokenPrivileges,CloseHandle
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D016C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D151CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0D4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,FindCloseChangeNotification
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D1648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA42A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe File created: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\ccbd2453-130e-4de6-80ce-f1b98ff227ac.tmp
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Local\Temp\firefox
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: firefox.exe, 00000005.00000003.2304204764.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2306049181.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2310666280.00000164F32BE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
Source: firefox.exe, 00000005.00000003.2304204764.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2306049181.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2310666280.00000164F32BE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
Source: firefox.exe, 00000005.00000003.2304204764.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2306049181.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2310666280.00000164F32BE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
Source: firefox.exe, 00000005.00000003.2304204764.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2306049181.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2310666280.00000164F32BE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
Source: firefox.exe, 00000005.00000003.2304204764.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2306049181.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2310666280.00000164F32BE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
Source: firefox.exe, 00000005.00000003.2304204764.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2306049181.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2310666280.00000164F32BE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
Source: firefox.exe, 00000005.00000003.2304204764.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2306049181.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2310666280.00000164F32BE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9'
Source: firefox.exe, 00000005.00000003.2304204764.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2306049181.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2310666280.00000164F32BE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT sum(count) FROM events;9
Source: firefox.exe, 00000005.00000003.2304204764.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2306049181.00000164F3298000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2310666280.00000164F32BE000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
Source: file.exe ReversingLabs: Detection: 26%
Source: file.exe Virustotal: Detection: 30%
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: unknown Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=2036,i,11203481130552999649,2043710382605109733,262144 /prefetch:3
Source: unknown Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:3
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2256 -parentBuildID 20230927232528 -prefsHandle 2188 -prefMapHandle 2180 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dec7774c-fda2-40d6-963f-1a0f505464f8} 3176 "\\.\pipe\gecko-crash-server-pipe.3176" 164e0c6db10 socket
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6664 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6816 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4624 -parentBuildID 20230927232528 -prefsHandle 4612 -prefMapHandle 4608 -prefsLen 30974 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2838e6d-0a58-45e2-9f14-197d166c90c2} 3176 "\\.\pipe\gecko-crash-server-pipe.3176" 164fa9f8e10 rdd
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6564 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7124 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7828 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8
Source: C:\Program Files\Mozilla Firefox\firefox.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5028 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5036 -prefMapHandle 5040 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdbcea3d-74cd-4886-9c0a-73c063685dc1} 3176 "\\.\pipe\gecko-crash-server-pipe.3176" 164fb965310 utility
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6820 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Users\user\Desktop\file.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=2036,i,11203481130552999649,2043710382605109733,262144 /prefetch:3Jump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwdJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2256 -parentBuildID 20230927232528 -prefsHandle 2188 -prefMapHandle 2180 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dec7774c-fda2-40d6-963f-1a0f505464f8} 3176 "\\.\pipe\gecko-crash-server-pipe.3176" 164e0c6db10 socketJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4624 -parentBuildID 20230927232528 -prefsHandle 4612 -prefMapHandle 4608 -prefsLen 30974 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2838e6d-0a58-45e2-9f14-197d166c90c2} 3176 "\\.\pipe\gecko-crash-server-pipe.3176" 164fa9f8e10 rddJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5028 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5036 -prefMapHandle 5040 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdbcea3d-74cd-4886-9c0a-73c063685dc1} 3176 "\\.\pipe\gecko-crash-server-pipe.3176" 164fb965310 utilityJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files\Mozilla Firefox\firefox.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:3Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6664 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6816 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: unknown unknownJump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exeProcess created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6564 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8Jump to behavior
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7124 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7828 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8
Source: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6820 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8
Source: C:\Users\user\Desktop\file.exe Section loaded: wsock32.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mpr.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wininet.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: propsys.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: edputil.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: slc.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sppc.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: pcacli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sfc_os.dll
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: Window Recorder Window detected: More than 3 window changes detected
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.5.dr
Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.5.dr
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00CA42DE
Source: gmpopenh264.dll.tmp.5.dr Static PE information: section name: .rodata
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
Source: C:\Program Files\Mozilla Firefox\firefox.exe File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBF98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00CBF98E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D31C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00D31C41
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe Sandbox detection routine: GetForegroundWindow, DecisionNode, Sleep graph_0-97077
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000025F2E4321F2 rdtsc 16_2_0000025F2E4321F2
Source: C:\Users\user\Desktop\file.exe API coverage: 3.2 %
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0DBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_00D0DBBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CDC2A2 FindFirstFileExW,0_2_00CDC2A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D168EE FindFirstFileW,FindClose,0_2_00D168EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D1698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_00D1698F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0D076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00D0D076
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0D3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00D0D3A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D19642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00D19642
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D1979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00D1979D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D19B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00D19B2B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D15C97 FindFirstFileW,FindNextFileW,FindClose,0_2_00D15C97
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00CA42DE
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation
Source: C:\Program Files\Mozilla Firefox\firefox.exe Code function: 16_2_0000025F2E4321F2 rdtsc 16_2_0000025F2E4321F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D1EAA2 BlockInput,0_2_00D1EAA2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00CD2622
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00CA42DE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC4CE8 mov eax, dword ptr fs:[00000030h] 0_2_00CC4CE8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D00B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00D00B62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00CD2622
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00CC083F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC09D5 SetUnhandledExceptionFilter,0_2_00CC09D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC0C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00CC0C21
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D01201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00D01201
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00CE2BA5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D0B226 SendInput,keybd_event,0_2_00D0B226
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D222DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_00D222DA
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D00B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_00D00B62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D01663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_00D01663
Source: file.exe Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: file.exe Binary or memory string: Shell_TrayWnd
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC0698 cpuid 0_2_00CC0698
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D18195 GetLocalTime,SystemTimeToFileTime,LocalFileTimeToFileTime,GetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,0_2_00D18195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CFD27A GetUserNameW,0_2_00CFD27A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CDB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_00CDB952
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA42DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_00CA42DE
Source: file.exe Binary or memory string: WIN_81
Source: file.exe Binary or memory string: WIN_XP
Source: file.exe Binary or memory string: WIN_XPe
Source: file.exe Binary or memory string: WIN_VISTA
Source: file.exe Binary or memory string: WIN_7
Source: file.exe Binary or memory string: WIN_8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D21204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_00D21204
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D21806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_00D21806
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts (2) | Native API (1) | DLL Side-Loading (1) | Exploitation for Privilege Escalation (1) | Disable or Modify Tools (1) | Input Capture (21) | System Time Discovery (2) | Remote Services | Archive Collected Data (1) | Ingress Tool Transfer (4) | Exfiltration Over Other Network Medium | System Shutdown/Reboot (1) |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Valid Accounts (2) | DLL Side-Loading (1) | Deobfuscate/Decode Files or Information (1) | LSASS Memory | Account Discovery (1) | Remote Desktop Protocol | Input Capture (21) | Encrypted Channel (11) | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Extra Window Memory Injection (1) | Obfuscated Files or Information (2) | Security Account Manager | File and Directory Discovery (2) | SMB/Windows Admin Shares | Clipboard Data (3) | Non-Application Layer Protocol (4) | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Valid Accounts (2) | DLL Side-Loading (1) | NTDS | System Information Discovery (15) | Distributed Component Object Model | Input Capture | Application Layer Protocol (5) | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Access Token Manipulation (21) | Extra Window Memory Injection (1) | LSA Secrets | Security Software Discovery (131) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | Process Injection (12) | Masquerading (1) | Cached Domain Credentials | Virtualization/Sandbox Evasion (1) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | Valid Accounts (2) | DCSync | Process Discovery (3) | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Virtualization/Sandbox Evasion (1) | Proc Filesystem | Application Window Discovery (1) | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | Access Token Manipulation (21) | /etc/passwd and /etc/shadow | System Owner/User Discovery (1) | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | Process Injection (12) | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
[Figure: Behavior Graph. Behavior Graph ID: 1505556, Sample: file.exe, Startdate: 06/09/2024, Architecture: WINDOWS, Score: 64]

Source | Detection | Scanner | Label | Link
file.exe | 26% | ReversingLabs | |
file.exe | 31% | Virustotal | | Browse
file.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs | |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs | |
No Antivirus matches
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://excel.new?from=EdgeM365Shoreline96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://www.youtube.com/firefox.exe, 00000005.00000003.2287898371.00000164FB64A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2432700687.00000164F0D7D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2363859559.00000164FAF1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3361246573.0000025F2DE03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3361723718.00000157DF80C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://MD8.mozilla.org/1/mfirefox.exe, 00000005.00000003.2362703525.00000164FB9D1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://www.bbc.co.uk/firefox.exe, 00000005.00000003.2278181894.00000164F48B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2345395719.00000164F48B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 00000010.00000002.3361246573.0000025F2DEC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3361723718.00000157DF8C4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://127.0.0.1:firefox.exe, 00000005.00000003.2363392161.00000164FB95E000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2363859559.00000164FAF1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 00000005.00000003.2257505791.00000164F1EE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2289869173.00000164F1EE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2220298509.00000164F1EEB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://bugzilla.mofirefox.exe, 00000005.00000003.2311234914.00000164F2F5D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://mitmdetection.services.mozilla.com/firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 00000005.00000003.2428769622.00000164F20A9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://shavar.services.mozilla.com/firefox.exe, 00000005.00000003.2270002652.00000164FBCAB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBLfirefox.exe, 00000005.00000003.2367954411.00000164FBC9C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&reffirefox.exe, 00000005.00000003.2435573842.00000164ED3B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3363234782.0000020F7A5C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3361246573.0000025F2DEF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3366207301.00000157DFB03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477firefox.exe, 00000005.00000003.2435573842.00000164ED3B6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000A.00000002.3363234782.0000020F7A5C9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3361246573.0000025F2DEF1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3366207301.00000157DFB03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 00000005.00000003.2421633292.00000164FB61E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://spocs.getpocket.com/firefox.exe, 00000005.00000003.2343198598.00000164FB564000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2363859559.00000164FAF1F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2288226103.00000164FB186000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2193899475.00000164FB18D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3361246573.0000025F2DE12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000015.00000002.3361723718.00000157DF813000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://www.iqiyi.com/firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278181894.00000164F48B8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2345395719.00000164F48B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://addons.mozilla.org/firefox.exe, 00000005.00000003.2269813420.00000164FC017000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://www.office.com96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://outlook.live.com/mail/0/96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYifirefox.exe, 00000015.00000002.3366207301.00000157DFB03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.5.drfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, 00000005.00000003.2432213871.00000164F0DBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://monitor.firefox.com/user/dashboardfirefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://developer.mozilla.org/en/docs/DOM:element.addEventListenerUseOfReleaseEventsWarningUsefirefox.exe, 00000005.00000003.2421633292.00000164FB61E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_IDfirefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://tidal.com/96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://monitor.firefox.com/aboutfirefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://mozilla.org/MPL/2.0/.firefox.exe, 00000005.00000003.2243356001.00000164F1ABD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2357239322.00000164F1AEB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2254227181.00000164F1E81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2257505791.00000164F1EE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2289869173.00000164F1EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2240948656.00000164F8EB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2255583212.00000164F1ED7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2269906131.00000164FBEEA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2289869173.00000164F1EE2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2289869173.00000164F1EE7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2299145862.00000164F0F18000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2302682846.00000164F3EB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2302257564.00000164F4834000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2353050393.00000164F14FB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2255225484.00000164F1DC8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2279067237.00000164F4853000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2307412400.00000164FA9D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2236212134.00000164F28BC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 
00000005.00000003.2221150989.00000164F1DF3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2241836023.00000164F8EA6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2421987460.00000164FA9DB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://account.bellmedia.cfirefox.exe, 00000005.00000003.2422313925.00000164F4889000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278181894.00000164F4889000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://gaana.com/96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://login.microsoftonline.comfirefox.exe, 00000005.00000003.2422313925.00000164F4889000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2278181894.00000164F4889000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://coverage.mozilla.orgfirefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.5.drfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://www.zhihu.com/firefox.exe, 00000005.00000003.2309714684.00000164F3A77000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2418981031.00000164F8F1B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://x1.c.lencr.org/0firefox.exe, 00000005.00000003.2276699412.00000164F8F20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://x1.i.lencr.org/0firefox.exe, 00000005.00000003.2276699412.00000164F8F20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://outlook.live.com/mail/compose?isExtension=true96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://mozilla-hub.atlassian.net/browse/SDK-405firefox.exe, 00000005.00000003.2192780774.00000164FBEDD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://blocked.cdn.mozilla.net/firefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://json-schema.org/draft/2019-09/schemafirefox.exe, 00000005.00000003.2287898371.00000164FB64A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2342968043.00000164FB64B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://duckduckgo.com/?t=ffab&q=firefox.exe, 00000005.00000003.2274480574.00000164F9059000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://outlook.office.com/calendar/view/agenda/quickcapture/moreDetails?isExtension=true96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://profiler.firefox.comfirefox.exe, 0000000A.00000002.3362422859.0000020F7A320000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.3365552485.0000025F2E390000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000015.00000002.3365976862.00000157DFA40000.00000002.10000000.00040000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://outlook.live.com/default.aspx?rru=compose&to=%sfirefox.exe, 00000005.00000003.2239884076.00000164F147D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2432062451.00000164F0DCB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2158528206.00000164F147D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://identity.mozilla.com/apps/relayfirefox.exe, 00000005.00000003.2311073917.00000164F2F84000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000005.00000003.2306452802.00000164F2F74000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      https://latest.web.skype.com/?browsername=edge_canary_shoreline96fa39e1-f5e4-4e34-974d-a36cc33ae9a7.tmp.8.drfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      • No. of IPs < 25%
                                                      • 25% < No. of IPs < 50%
                                                      • 50% < No. of IPs < 75%
                                                      • 75% < No. of IPs
                                                      IP    Domain    Country    Flag    ASN    ASN Name    Malicious
                                                      15169GOOGLEUSfalse
                                                      35.244.181.201
                                                      prod.balrog.prod.cloudops.mozgcp.netUnited States
                                                      15169GOOGLEUSfalse
                                                      239.255.255.250
                                                      unknownReserved
                                                      unknownunknownfalse
                                                      18.65.39.112
                                                      services.addons.mozilla.orgUnited States
                                                      3MIT-GATEWAYSUSfalse
                                                      35.190.72.216
                                                      prod.classify-client.prod.webservices.mozgcp.netUnited States
                                                      15169GOOGLEUSfalse
                                                      34.160.144.191
                                                      prod.content-signature-chains.prod.webservices.mozgcp.netUnited States
                                                      2686ATGS-MMD-ASUSfalse
                                                      142.251.41.4
                                                      unknownUnited States
                                                      15169GOOGLEUSfalse
                                                      142.250.31.84
                                                      unknownUnited States
                                                      15169GOOGLEUSfalse
                                                      IP
                                                      192.168.2.5
                                                      127.0.0.1
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1505556
Start date and time: 2024-09-06 13:53:05 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 48s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 25
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal64.evad.winEXE@74/294@58/27
                                                      EGA Information:
                                                      • Successful, ratio: 50%
                                                      HCA Information:
                                                      • Successful, ratio: 96%
                                                      • Number of executed functions: 35
                                                      • Number of non-executed functions: 313
                                                      Cookbook Comments:
                                                      • Found application associated with file extension: .exe
                                                      • Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, svchost.exe
                                                      • Excluded IPs from analysis (whitelisted): 142.251.173.84, 142.250.184.206, 13.107.21.239, 204.79.197.239, 13.107.6.158, 13.107.42.16, 2.19.126.145, 2.19.126.152, 216.58.206.67, 2.23.209.149, 2.23.209.143, 2.23.209.144, 2.23.209.147, 2.23.209.150, 2.23.209.148, 2.23.209.156, 2.23.209.155, 2.23.209.154, 172.217.18.3, 20.199.58.43, 74.125.71.84, 64.233.166.84, 44.239.24.213, 35.84.243.71, 52.11.251.113, 199.232.214.172, 192.229.221.95, 172.217.18.14, 2.22.61.59, 2.22.61.56, 2.18.121.79, 2.18.121.73, 142.250.185.106, 142.250.184.238, 142.251.40.227, 142.251.40.163, 142.251.40.99
                                                      • Excluded domains from analysis (whitelisted): ciscobinary.openh264.org, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, a416.dscd.akamai.net, incoming.telemetry.mozilla.org, a17.rackcdn.com.mdc.edgesuite.net, iris-de-prod-azsc-v2-frc.francecentral.cloudapp.azure.com, aus5.mozilla.org, arc.msn.com, a19.dscg10.akamai.net, clients2.google.com, e86303.dscx.akamaiedge.net, ocsp.digicert.com, www.bing.com.edgekey.net, redirector.gvt1.com, config-edge-skype.l-0007.l-msedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, arc.trafficmanager.net, safebrowsing.googleapis.com, www.gstatic.com, l-0007.l-msedge.net, config.edge.skype.com, www.bing.com, edge-microsoft-com.dual-a-0036.a-msedge.net, fs.microsoft.com, shavar.prod.mozaws.net, accounts.google.com, bingadsedgeextension-prod.trafficmanager.net, bzib.nelreports.net.akamaized.net, api.edgeoffer.microsoft.com, fonts.gstatic.com, ctldl.windowsupdate.com, b-0005.b-msedge.net, detectportal.prod.mozaws.net, www-www.bing.com.trafficmanager.net, edge.
                                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                      • Report size getting too big, too many NtCreateFile calls found.
                                                      • Report size getting too big, too many NtOpenFile calls found.
                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                      • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
07:54:14 | API Interceptor | 1x Sleep call for process: firefox.exe modified
                                                                          • 34.160.144.191
                                                                          • 18.65.39.112
                                                                          • 34.120.208.123
                                                                          pud8g3zixE.exeGet hashmaliciousAmadey, StealcBrowse
                                                                          • 35.244.181.201
                                                                          • 34.149.100.209
                                                                          • 34.160.144.191
                                                                          • 18.65.39.112
                                                                          • 34.120.208.123
                                                                          file.exeGet hashmaliciousUnknownBrowse
                                                                          • 35.244.181.201
                                                                          • 34.149.100.209
                                                                          • 34.160.144.191
                                                                          • 18.65.39.112
                                                                          • 34.120.208.123
                                                                          file.exeGet hashmaliciousUnknownBrowse
                                                                          • 35.244.181.201
                                                                          • 34.149.100.209
                                                                          • 34.160.144.191
                                                                          • 18.65.39.112
                                                                          • 34.120.208.123
                                                                          file.exeGet hashmaliciousUnknownBrowse
                                                                          • 35.244.181.201
                                                                          • 34.149.100.209
                                                                          • 34.160.144.191
                                                                          • 18.65.39.112
                                                                          • 34.120.208.123
                                                                          file.exeGet hashmaliciousUnknownBrowse
                                                                          • 35.244.181.201
                                                                          • 34.149.100.209
                                                                          • 34.160.144.191
                                                                          • 18.65.39.112
                                                                          • 34.120.208.123
                                                                          file.exeGet hashmaliciousUnknownBrowse
                                                                          • 35.244.181.201
                                                                          • 34.149.100.209
                                                                          • 34.160.144.191
                                                                          • 18.65.39.112
                                                                          • 34.120.208.123
                                                                          file.exeGet hashmaliciousUnknownBrowse
                                                                          • 35.244.181.201
                                                                          • 34.149.100.209
                                                                          • 34.160.144.191
                                                                          • 18.65.39.112
                                                                          • 34.120.208.123
                                                                          file.exeGet hashmaliciousUnknownBrowse
                                                                          • 35.244.181.201
                                                                          • 34.149.100.209
                                                                          • 34.160.144.191
                                                                          • 18.65.39.112
                                                                          • 34.120.208.123
Match | Associated Sample Name / URL | Detection | Threat Name

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
  file.exe | malicious | Unknown
  file.exe | malicious | Unknown
  pud8g3zixE.exe | malicious | Amadey, Stealc
  file.exe | malicious | Unknown
  file.exe | malicious | Unknown
  file.exe | malicious | Unknown
  file.exe | malicious | Unknown
  file.exe | malicious | Unknown
  file.exe | malicious | Unknown
  file.exe | malicious | Unknown

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
  file.exe | malicious | Unknown
  file.exe | malicious | Unknown
  pud8g3zixE.exe | malicious | Amadey, Stealc
  file.exe | malicious | Unknown
  file.exe | malicious | Unknown
  file.exe | malicious | Unknown
  file.exe | malicious | Unknown
  file.exe | malicious | Unknown
  file.exe | malicious | Unknown
  file.exe | malicious | Unknown

                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):7813
                                                                                                                  Entropy (8bit):5.177348732258175
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:biKMXJl+cbhbVbTbfbRbObtbyEl7n4rvJA6wnSrDtTkd/SS:biPycNhnzFSJYrWjnSrDhkd/n
                                                                                                                  MD5:70DEF8AD1EB7A5585F5CA1A1D1339E72
                                                                                                                  SHA1:1640757BFD048F8F52143B29B70098964505671A
                                                                                                                  SHA-256:FE45659ABB40806B200BD52B4670E3522CFA4FF2AEAAEC53C703F00907FEB30E
                                                                                                                  SHA-512:76EDD09697AA329D3277D0A6E210B917E9DC7DD2F578ADA765E003F0688C0188450142F1D0E44327D25DD4E8249DD59C9C1372A8E0AE6DEE244EBCF98FC884E8
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):45975
                                                                                                                  Entropy (8bit):6.087502981040731
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4m98eBWhDO6vP6OpT8aV/puGPeFD8VQavCAoBGoup1Xl3O:mMGQ5XMBh98y617yavRoBhu3VlXr4j
                                                                                                                  MD5:75D345BF2F2C3EFFBA1A2F2D30B6F5EE
                                                                                                                  SHA1:73E4547FDADA29E9810E524DF0E94137BE8AE7D1
                                                                                                                  SHA-256:8D03BEE2EBC4CC6697B243B23B20E58AE2D445C3B251C3BDDAE285ADA8EF7833
                                                                                                                  SHA-512:4F9320ADE8828B30DE2D327E7251FC96E40449B76AF0BACA85452290DEA200DE06B7CF76A136503EDC06E241933C3680D074FC4A68C8C78F53F189FD0E900263
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):44652
                                                                                                                  Entropy (8bit):6.096417928568092
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4xkB4wudhDO6vP6OpT8ah/puGPeFD8cGoup1Xl3jVzXq:z/Ps+wsI7yOEB613chu3VlXr4CRo1
                                                                                                                  MD5:5F60CA5606598288AE68B8D09B1B7DEA
                                                                                                                  SHA1:A1C0F62BB8A33B85159D481146D2DCEF0739F62B
                                                                                                                  SHA-256:838435B0E8CA017BB8AA953A89CF1B0FDD81A82AB76976E346C0625F0BC8559F
                                                                                                                  SHA-512:A9140909751C40ABF3EBACF86F878F90D28F92F1373672391FCDEC5BC4A7B560F427DAF1830582C875BD7C72E2D8889A19451A9199D3FA5ABA53853E853F91DA
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):44596
                                                                                                                  Entropy (8bit):6.096002147962125
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBWwudhDO6vP6OpT8apYpDK0uFEZacGoup1Xl3jVz6:z/Ps+wsI7ynEX61Xchu3VlXr4CRo1
                                                                                                                  MD5:1E8E8089C4D60AED20CAA73AB61591B5
                                                                                                                  SHA1:68DA49E74AE3A3D8AA50C43162046C19E65A4D02
                                                                                                                  SHA-256:E7BA0071D472336E7F5756FA24B7968984BC5B9C39734C88DE47A48A6A50D788
                                                                                                                  SHA-512:F2F0921738A7D583DBB62073EEC4B4BBA2DD32A1B12CB5B7912111C04A1C1853B5CBA35B3964031F8A985D43FEE133A0243B2E2C940C57575464E2D978E98C5C
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):44596
                                                                                                                  Entropy (8bit):6.096002147962125
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBWwudhDO6vP6OpT8apYpDK0uFEZacGoup1Xl3jVz6:z/Ps+wsI7ynEX61Xchu3VlXr4CRo1
                                                                                                                  MD5:1E8E8089C4D60AED20CAA73AB61591B5
                                                                                                                  SHA1:68DA49E74AE3A3D8AA50C43162046C19E65A4D02
                                                                                                                  SHA-256:E7BA0071D472336E7F5756FA24B7968984BC5B9C39734C88DE47A48A6A50D788
                                                                                                                  SHA-512:F2F0921738A7D583DBB62073EEC4B4BBA2DD32A1B12CB5B7912111C04A1C1853B5CBA35B3964031F8A985D43FEE133A0243B2E2C940C57575464E2D978E98C5C
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):45975
                                                                                                                  Entropy (8bit):6.0875059699979985
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4mo8eBWhDO6vP6OpT8aV/puGPeFD8VQavCAoBGoup1Xl3O:mMGQ5XMBho8y617yavRoBhu3VlXr4j
                                                                                                                  MD5:021439225CBD32E0205380EB114B9F24
                                                                                                                  SHA1:2F6F300E1FE365255534979E17591D8FDD432C56
                                                                                                                  SHA-256:309EB5B8844D45B9F1F13D61BF841ABB4B43C124A2A6277C534E2ECF1E6598A4
                                                                                                                  SHA-512:06C203ED462207D37487991E4C480F0E834593FCFC689CD5A5B081AB3CBB2F293FDA102B520C8F5D2A7DADE28C0F78506532FB1E2CEF444C470885DCE51462A6
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):107893
                                                                                                                  Entropy (8bit):4.640149995732079
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
                                                                                                                  MD5:AD9FA3B6C5E14C97CFD9D9A6994CC84A
                                                                                                                  SHA1:EF063B4A4988723E0794662EC9D9831DB6566E83
                                                                                                                  SHA-256:DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
                                                                                                                  SHA-512:81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"sites":[{"url":"24video.be"},{"url":"7dnifutbol.bg"},{"url":"6tv.dk"},{"url":"9kefa.com"},{"url":"aculpaedoslb.blogspot.pt"},{"url":"aek-live.gr"},{"url":"arcadepunk.co.uk"},{"url":"acidimg.cc"},{"url":"aazah.com"},{"url":"allehensbeverwijk.nl"},{"url":"amateurgonewild.org"},{"url":"aindasoudotempo.blogspot.com"},{"url":"anorthosis365.com"},{"url":"autoreview.bg"},{"url":"alivefoot.us"},{"url":"arbitro10.com"},{"url":"allhard.org"},{"url":"babesnude.info"},{"url":"aysel.today"},{"url":"animepornx.com"},{"url":"bahisideal20.com"},{"url":"analyseindustrie.nl"},{"url":"bahis10line.org"},{"url":"apoel365.net"},{"url":"bahissitelerisikayetleri.com"},{"url":"bambusratte.com"},{"url":"banzaj.pl"},{"url":"barlevegas.com"},{"url":"baston.info"},{"url":"atomcurve.com"},{"url":"atascadocherba.com"},{"url":"astrologer.gr"},{"url":"adultpicz.com"},{"url":"alleporno.com"},{"url":"beaver-tube.com"},{"url":"beachbabes.info"},{"url":"bearworldmagazine.com"},{"url":"bebegimdensonra.com"},{"url":"autoy
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):107893
                                                                                                                  Entropy (8bit):4.640149995732079
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:B/lv4EsQMNeQ9s5VwB34PsiaR+tjvYArQdW+Iuh57P75:fwUQC5VwBIiElEd2K57P75
                                                                                                                  MD5:AD9FA3B6C5E14C97CFD9D9A6994CC84A
                                                                                                                  SHA1:EF063B4A4988723E0794662EC9D9831DB6566E83
                                                                                                                  SHA-256:DCC7F776DBDE2DB809D3402FC302DB414CF67FE5D57297DDDADCE1EE42CFCE8F
                                                                                                                  SHA-512:81D9D59657CAF5805D2D190E8533AF48ACEBFFF63409F5A620C4E08F868710301A0C622D7292168048A9BC16C0250669FAAA2DCBF40419740A083C6ED5D79CFA
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4194304
                                                                                                                  Entropy (8bit):0.0
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3::
                                                                                                                  MD5:B5CFA9D6C8FEBD618F91AC2843D50A1C
                                                                                                                  SHA1:2BCCBD2F38F15C13EB7D5A89FD9D85F595E23BC3
                                                                                                                  SHA-256:BB9F8DF61474D25E71FA00722318CD387396CA1736605E1248821CC0DE3D3AF8
                                                                                                                  SHA-512:BD273BF4E10ED6E305ECB7B781CB065545FCE9BE9F1E2968DF22C3A98F82D719855AAFE5FF303D14EA623A5C55E51E924E10033A92A7A6B07725D7E9692B74F5
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4194304
                                                                                                                  Entropy (8bit):0.4786675550352067
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6144:NZnKwlAd3FnYaH3FCsIzAn/WLnixOUdaHfSxk:yFnjdIzASg8
                                                                                                                  MD5:DF85084365C4A3CF442D7DE749B2253B
                                                                                                                  SHA1:C2DD5ECF7EF862CD2DE4913EE2B59C47CF28D256
                                                                                                                  SHA-256:7DD4EE6E6DFD3A6B35FB4B14BD323D406FA427B1E5C9F3DAB393281F0B682AB0
                                                                                                                  SHA-512:A84CB92470B914FFA0040EFF2FD58B735C225755271F1A81FB20B57AD7CC848119FA5157EB7C20CF228AEABE6B77A5499AD5E6BFDDB4E1D86B688BA355C2A902
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):280
                                                                                                                  Entropy (8bit):4.132041621771752
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:FiWWltlApdeXKeQwFMYLAfJrAazlYBVP/Sh/JzvPWVcRVEVg3WWD5x1:o1ApdeaEqYsMazlYBVsJDu2ziy5
                                                                                                                  MD5:845CFA59D6B52BD2E8C24AC83A335C66
                                                                                                                  SHA1:6882BB1CE71EB14CEF73413EFC591ACF84C63C75
                                                                                                                  SHA-256:29645C274865D963D30413284B36CC13D7472E3CD2250152DEE468EC9DA3586F
                                                                                                                  SHA-512:8E0E7E8CCDC8340F68DB31F519E1006FA7B99593A0C1A2425571DAF71807FBBD4527A211030162C9CE9E0584C8C418B5346C2888BEDC43950BF651FD1D40575E
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):13303
                                                                                                                  Entropy (8bit):5.2843304898094985
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:stNPGQSumsRelfOfhPQbGjpQx6WVlaTYAQ:s7OXuqlGfubGWx3aTYAQ
                                                                                                                  MD5:C4636248169B2D343AFEEC20BD29CAF1
                                                                                                                  SHA1:386B98DD8717E25A774A01ECF13C336353F71121
                                                                                                                  SHA-256:A8330D5CF8195D4DAD6A38439FA19752FEE98688F15B138291B5232DAC84292D
                                                                                                                  SHA-512:28470C07C5DE443D4CADDA3EDF1753C7E4F46CBC12EE1F05D025E2C7E15B206CED4FE53725037CB8948941FCDC8B857D5679BCCA6C8EDC046765296DCFF00178
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370097243992551","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):13115
                                                                                                                  Entropy (8bit):5.2876881563264115
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:stNPGKSumsRelfOfhPQbGjpQx6WVaTYAQ:s7OxuqlGfubGWxhaTYAQ
                                                                                                                  MD5:EE07B640C37AE1895809FEDABD163BB5
                                                                                                                  SHA1:D0EA0948F912164C13BDBD866BE8E3976D471A2B
                                                                                                                  SHA-256:3940F66959EAB266BE08EF54D8087598D09A521DE8F0AA600DE3C20F050B38E3
                                                                                                                  SHA-512:76C036BD33D51DEF8E78CDB7DAFA8D8A95CD4ACCC9A47A5EA1F30DBBADD0514143106C99AB03AF12344293E21181A8E8329410EE85BDB25521FA3617E19145AB
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370097243992551","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:very short file (no magic)
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1
                                                                                                                  Entropy (8bit):0.0
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:L:L
                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                  Malicious:false
                                                                                                                  Preview:.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):13304
                                                                                                                  Entropy (8bit):5.284511940539198
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:stNPGQSumsRelfOfhPQbGjpQx6WelaTYAQ:s7OXuqlGfubGWxkaTYAQ
                                                                                                                  MD5:04F07F43CA4E0A24C37F1A08F85E4FBA
                                                                                                                  SHA1:A81E965BFCDCFB096A51AB942E8D311FB4D60B96
                                                                                                                  SHA-256:A36E7F89879E6F95F02DC35C24F7437109EA01B7CBF4531475820ED9F855F37B
                                                                                                                  SHA-512:70803824561E944DF5D03D4274FEADF5AA848D023F0701106F819551508E01831FB93BB7632C50434047D6007A3A896A3A9214DDE1264173F6EE9A644A474222
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370097243992551","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):37149
                                                                                                                  Entropy (8bit):5.564000762477264
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:eYltYrWP+EfPg8F1+UoAYDCx9Tuqh0VfUC9xbog/OVsTvAec+rwMGaoqKpEtuW:eYltYrWP+EfPgu1jaVTvFcbMGaBdtB
                                                                                                                  MD5:DDCD69FAE1F8C904EE441F6AE7190B75
                                                                                                                  SHA1:86907877294FF59DC03238407F62B29DC48D59BF
                                                                                                                  SHA-256:29BD0C05BF09A0E88F9B00482643C0B4FF9194689D23520229EBF1B15A978525
                                                                                                                  SHA-512:D636963D0C98732A3B31CCF28BB4A88F9A99D2F6C44FF5F285FF671FD306B09BDC9D1453EF4CECDF29EF98213D401A10EE3B570A75EC0551ED37D35D497C1EC7
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370097243326854","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370097243326854","location":5,"ma
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):115717
                                                                                                                  Entropy (8bit):5.183660917461099
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):16
                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                  Malicious:false
                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):33
                                                                                                                  Entropy (8bit):3.5394429593752084
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:iWstvhYNrkUn:iptAd
                                                                                                                  MD5:F27314DD366903BBC6141EAE524B0FDE
                                                                                                                  SHA1:4714D4A11C53CF4258C3A0246B98E5F5A01FBC12
                                                                                                                  SHA-256:68C7AD234755B9EDB06832A084D092660970C89A7305E0C47D327B6AC50DD898
                                                                                                                  SHA-512:07A0D529D9458DE5E46385F2A9D77E0987567BA908B53DDB1F83D40D99A72E6B2E3586B9F79C2264A83422C4E7FC6559CAC029A6F969F793F7407212BB3ECD51
                                                                                                                  Malicious:false
                                                                                                                  Preview:...m.................DB_VERSION.1
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):16
                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                  Malicious:false
                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):309
                                                                                                                  Entropy (8bit):5.2422240422573285
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:PfNchRM1923oH+Tcwtp3hBtB2KLllfOq2P923oH+Tcwtp3hBWsIFUv:PFCRhYebp3dFLnGv4Yebp3eFUv
                                                                                                                  MD5:3FF0EFC93FE73F589C8031D1AAC3D25D
                                                                                                                  SHA1:8D0A0EDE738902C87EA2807FA09FFA6883A508B0
                                                                                                                  SHA-256:A11CA93C6063CF1C24B998A36DD277B2E43D8C9BE59D84E9D7A89A334096E96B
                                                                                                                  SHA-512:6E2B55F196DAC4CCB0E08B9856FFBCE3940109E2458CB97780F1AC8B79E6E55D5E0474D8FFAF5AA5596F2084CFB5EE965F68CBD2C4B7BDD27876C1F755E81261
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:09.058 2224 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db since it was missing..2024/09/06-07:54:09.083 2224 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform/auto_show_data.db/MANIFEST-000001.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):41
                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                  Malicious:false
                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):2163821
                                                                                                                  Entropy (8bit):5.222873377538249
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24576:v+/PN8FqfI/MXhZSihQgCmnVAEpENU2iOYcafbE2n:v+/PN8wfx2mjF
                                                                                                                  MD5:824A5367A623818DF73E3AD3119DF437
                                                                                                                  SHA1:0F52E4D4996A7C44ECAA669C697890A201D27A07
                                                                                                                  SHA-256:0F3267818FCDE5BC0DB50DFF3D094027B35DC7EBD443B46C00994731EE70297A
                                                                                                                  SHA-512:1962A290E44F04EBC38AD7C74D604020FEA651E589819FA78FC7F3BE6D2159E40A220A79C6DA8FD54BCA86F0E2AC07BF120795BD2683E6FAD1451CE0267B98EA
                                                                                                                  Malicious:false
                                                                                                                  Preview:...m.................DB_VERSION.1.l.i.................QUERY_TIMESTAMP:arbitration_priority_list4.*.*.13340900604462938.$QUERY:arbitration_priority_list4.*.*..[{"name":"arbitration_priority_list","url":"https://edgeassetservice.azureedge.net/assets/arbitration_priority_list/4.0.5/asset?sv=2017-07-29&sr=c&sig=NtPyTqjbjPElpw2mWa%2FwOk1no4JFJEK8%2BwO4xQdDJO4%3D&st=2021-01-01T00%3A00%3A00Z&se=2023-12-30T00%3A00%3A00Z&sp=r&assetgroup=ArbitrationService","version":{"major":4,"minor":0,"patch":5},"hash":"N0MkrPHaUyfTgQSPaiVpHemLMcVgqoPh/xUYLZyXayg=","size":11749}]...................'ASSET_VERSION:arbitration_priority_list.4.0.5..ASSET:arbitration_priority_list.[{. "configVersion": 32,. "PrivilegedExperiences": [. "ShorelinePrivilegedExperienceID",. "SHOPPING_AUTO_SHOW_COUPONS_CHECKOUT",. "SHOPPING_AUTO_SHOW_LOWER_PRICE_FOUND",. "SHOPPING_AUTO_SHOW_BING_SEARCH",. "SHOPPING_AUTO_SHOW_REBATES",. "SHOPPING_AUTO_SHOW_REBATES_CONFIRMATION",. "SHOPPING_AUTO_SHOW_REBATES_DEACTI
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):336
                                                                                                                  Entropy (8bit):5.125299244720302
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:P7Aq2P923oH+Tcwt9Eh1tIFUt827OZmw+2DLzkwO923oH+Tcwt9Eh15LJ:PMv4Yeb9Eh16FUt82K/+2z5LYeb9Eh1H
                                                                                                                  MD5:945D8397E4ADEDCBE07DD0B5A6AC6825
                                                                                                                  SHA1:889B25624BEA7F4B17AD64E50C379BC33C0E5E9C
                                                                                                                  SHA-256:8CCAD603D9251E899B23D18F5FEF77F2C46607CEFE6810098D27CA080BFD497B
                                                                                                                  SHA-512:B2BF9EA7B2B470A2C1FB4CA68ED2EEFCDF7DF6569B50B156C981D329AC778C89DF8EFC5C5729492957724CAE9CD2912E4D3CD7D26AEC2AD4F654E89E4CDCBD9B
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:09.073 1c10 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/09/06-07:54:09.076 1c10 Recovering log #3.2024/09/06-07:54:09.082 1c10 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):336
                                                                                                                  Entropy (8bit):5.125299244720302
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:P7Aq2P923oH+Tcwt9Eh1tIFUt827OZmw+2DLzkwO923oH+Tcwt9Eh15LJ:PMv4Yeb9Eh16FUt82K/+2z5LYeb9Eh1H
                                                                                                                  MD5:945D8397E4ADEDCBE07DD0B5A6AC6825
                                                                                                                  SHA1:889B25624BEA7F4B17AD64E50C379BC33C0E5E9C
                                                                                                                  SHA-256:8CCAD603D9251E899B23D18F5FEF77F2C46607CEFE6810098D27CA080BFD497B
                                                                                                                  SHA-512:B2BF9EA7B2B470A2C1FB4CA68ED2EEFCDF7DF6569B50B156C981D329AC778C89DF8EFC5C5729492957724CAE9CD2912E4D3CD7D26AEC2AD4F654E89E4CDCBD9B
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:09.073 1c10 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/MANIFEST-000001.2024/09/06-07:54:09.076 1c10 Recovering log #3.2024/09/06-07:54:09.082 1c10 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db/000003.log .
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):28672
                                                                                                                  Entropy (8bit):0.4644630782287797
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBNjW:TouQq3qh7z3bY2LNW9WMcUvBM
                                                                                                                  MD5:27B97FBE4ABF1FF95EAC676380777BD2
                                                                                                                  SHA1:6C4A23A3E46FAAC2E2F8D4F7DB7EBE679A8FDDCE
                                                                                                                  SHA-256:1BB450A647272A4BDA12C9575824218F5B01D9CCEEB697E14A7EE641CE9C8E76
                                                                                                                  SHA-512:6162F844341243115EFC00F88DFFC93ADB452280109F30F4C2F1659E1365476BC96A24FAB47F9D46E2379139F35EBB27EB29F553F70E1A49E10DDAD97AB2B94F
                                                                                                                  Malicious:false
                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 5, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 5
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):10240
                                                                                                                  Entropy (8bit):0.8708334089814068
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:LBtW4mqsmvEFUU30dZV3lY7+YNbr1dj3BzA2ycFUxOUDaazMvbKGxiTUwZ79GV:LLaqEt30J2NbDjfy6UOYMvbKGxjgm
                                                                                                                  MD5:92F9F7F28AB4823C874D79EDF2F582DE
                                                                                                                  SHA1:2D4F1B04C314C79D76B7FF3F50056ECA517C338B
                                                                                                                  SHA-256:6318FCD9A092D1F5B30EBD9FB6AEC30B1AEBD241DC15FE1EEED3B501571DA3C7
                                                                                                                  SHA-512:86FEF0E05F871A166C3FAB123B0A4B95870DCCECBE20B767AF4BDFD99653184BBBFE4CE1EDF17208B7700C969B65B8166EE264287B613641E7FDD55A6C09E6D4
                                                                                                                  Malicious:false
                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j...v... .. .....M....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):636554
                                                                                                                  Entropy (8bit):6.0127694795093625
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12288:BhjHVMIvgjD8xIXualvzHR7iaQKR+8JbtlmkdBC1esJxrVcQNaiBa:Bhq+kaIXnQs+Qb3mkGbJo5
                                                                                                                  MD5:CDE9ABB05D9CF09C0DA933480FEC3B64
                                                                                                                  SHA1:D28F62243CA290594B0EB556FE0831AA6FCC6C8A
                                                                                                                  SHA-256:036961C14225D6DD3397D4EA5B38D010A7F0EE778CFDBEFE9437F37DDE78E39F
                                                                                                                  SHA-512:FFD65D76C5DF99F63EDE9695B15CE7D3AD175FB87AD8C708DDBBF5E3747379CBCA0F30C5146E7EE1A86037DB96A63F36AAAD5606D6D95BF45022E3024BF2F018
                                                                                                                  Malicious:false
                                                                                                                  Preview:...m.................DB_VERSION.1.!Z2.................BLOOM_FILTER:..&{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3767945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):142
                                                                                                                  Entropy (8bit):5.082290246372525
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:BDm//38E28xp4m3rscUSXQSUVVPXmji6ltlf+nETPxpK2x7LuX4VhvdWUEs:B6X38D8xSEsIX0VVPLO+n0PxEWA4VqVs
                                                                                                                  MD5:9FAE8CF9E33F861A6449EFFA52934059
                                                                                                                  SHA1:3B5252F460747222C60EB939418B92A1D1BC6C81
                                                                                                                  SHA-256:EEA3DFE1012F429B7FF56707A717DFEEF161B666AE1974A0C1B2481B631C327F
                                                                                                                  SHA-512:BB0285E64B8D4484030F1F7E79192DE75614FA53AB13E64786BDAC4E9A471EF8E383F3BEC401FC46E0B8C7DB006D8FFDC1AF776A15FD06983AFB21C879E6E6AF
                                                                                                                  Malicious:false
                                                                                                                  Preview:..(.9................BLOOM_FILTER_EXPIRY_TIME:.1725710048.804773V...G................BLOOM_FILTER_LAST_MODIFIED:.Fri, 06 Sep 2024 08:31:31 GMT
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):636529
                                                                                                                  Entropy (8bit):6.012178686683981
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12288:vhEHVMavgBg8bIXuHlvzHM7iawKRt8AbtA0kdBO1esJxLVcWGaiQX:vh7cNaIXxwstXb+0kKbJ1l
                                                                                                                  MD5:D06FF4898FA4B70F70844C78C74E85F1
                                                                                                                  SHA1:343AACAE98E528494912A7795CFDA3320598B8B9
                                                                                                                  SHA-256:7075C56053C9821ACF183DBB7CF38F0EB58DED5773450E7FC5D015DAF9885A11
                                                                                                                  SHA-512:ADD667D77284908B8DE405827BA3BFA0D56A8E19DEC93D4E3B5CB6731001D86AA65899CEC389DDC0D50D40A95DFBFEF10838C3BB3E565330EE72F7E5C43A1AC1
                                                                                                                  Malicious:false
                                                                                                                  Preview:....&BLOOM_FILTER:........{"numberOfHashFunctions":8,"shiftBase":8,"bloomFilterArraySize":3767945,"primeBases":[5381,5381,5381,5381],"supportedDomains":"
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):512
                                                                                                                  Entropy (8bit):5.222887514239071
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:PJv4Yebn9GFUt82U/+2U5LYebn95Z9lWWf0nIZWfr1K2SXh7h:N4Yeb9ig8OLYeb9z+XUkwh7h
                                                                                                                  MD5:DB9E5D3523571845F9CC24571232086A
                                                                                                                  SHA1:703CEA9F3FFE329C1FD216D799D0146A47995ECD
                                                                                                                  SHA-256:B4FE390C76591B5D3BB57B6EC43493062B7D11EBEC933AAD002D8DBBD093F7AC
                                                                                                                  SHA-512:99564BAE4925649A3539DA13865B7A8E0FAD3E55F5D346C5C212FE614A8D25015169C823AC1B5C598B2BEF7EF4C8CB0E7BF66BF6206B6FDA0C7680C7C3163E6B
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:03.382 1d60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/09/06-07:54:03.382 1d60 Recovering log #3.2024/09/06-07:54:03.382 1d60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/09/06-07:54:08.947 1d04 Level-0 table #5: started.2024/09/06-07:54:09.009 1d04 Level-0 table #5: 636529 bytes OK.2024/09/06-07:54:09.010 1d04 Delete type=0 #3.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):512
                                                                                                                  Entropy (8bit):5.222887514239071
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:PJv4Yebn9GFUt82U/+2U5LYebn95Z9lWWf0nIZWfr1K2SXh7h:N4Yeb9ig8OLYeb9z+XUkwh7h
                                                                                                                  MD5:DB9E5D3523571845F9CC24571232086A
                                                                                                                  SHA1:703CEA9F3FFE329C1FD216D799D0146A47995ECD
                                                                                                                  SHA-256:B4FE390C76591B5D3BB57B6EC43493062B7D11EBEC933AAD002D8DBBD093F7AC
                                                                                                                  SHA-512:99564BAE4925649A3539DA13865B7A8E0FAD3E55F5D346C5C212FE614A8D25015169C823AC1B5C598B2BEF7EF4C8CB0E7BF66BF6206B6FDA0C7680C7C3163E6B
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:03.382 1d60 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/MANIFEST-000001.2024/09/06-07:54:03.382 1d60 Recovering log #3.2024/09/06-07:54:03.382 1d60 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons/coupons_data.db/000003.log .2024/09/06-07:54:08.947 1d04 Level-0 table #5: started.2024/09/06-07:54:09.009 1d04 Level-0 table #5: 636529 bytes OK.2024/09/06-07:54:09.010 1d04 Delete type=0 #3.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):103
                                                                                                                  Entropy (8bit):5.287315490441997
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjGtCSluhFhinvsD8xFxN3erkEtl:scoBY7j6CSluGvlxFDkHl
                                                                                                                  MD5:BBF990808A624C34FC58008F69BE5414
                                                                                                                  SHA1:8E91249954C47ED58AFAA34373006A9A907A8B87
                                                                                                                  SHA-256:2E9DF06E07493794BAE755C1954FDC37401D757916EBFBAA7F0EE64A8FD16E9E
                                                                                                                  SHA-512:9F6863BCEE0782B211E95986AEDB74E0563A24D7FE448A7CA56EC94CD489A5BE0999757C25CB75DB6789759DCB81C20236EFB96945165E15E3D139CA4836B844
                                                                                                                  Malicious:false
                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator..........7...............&.BLOOM_FILTER:.........DB_VERSION........
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 6
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):20480
                                                                                                                  Entropy (8bit):0.6130994603137965
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:TLapR+DDNzWjJ0npnyXKUO8+jJ+TpjIXmL:TO8D4jJ/6Up+vs
                                                                                                                  MD5:B8A04FDCD91F1CB9F9998F1E6ECE18C1
                                                                                                                  SHA1:4D0E3FDDB563A5969465FD1BC844D6BC17563BA8
                                                                                                                  SHA-256:334F1E3D93C3AFAD6B69469C5978A8F697FC1C4ECCE8CCB9CB03CC5BE97BC666
                                                                                                                  SHA-512:FFC0EC55F9E140263D7FAE6ED8E99F2D390A07A8B3E12D75FCAF723D0C8A70B82FF66F4CC7C772D9ED8A845327506E847738646F9EC388104FFD82E18EB74402
                                                                                                                  Malicious:false
                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j...%.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):16
                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                  Malicious:false
                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):375520
                                                                                                                  Entropy (8bit):5.35413048554151
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6144:pA/imBpx6WdPSxKWcHu5MURacq49QxxPnyEndBuHltBfdK5WNbsVEziP/CfXtLPz:pFdMyq49tEndBuHltBfdK5WNbsVEziPU
                                                                                                                  MD5:6E350ECBA770C9A8436FF429EB23CCBC
                                                                                                                  SHA1:0EDE15CF88C2C3B7D9A8410EFB1C20B6358CEA95
                                                                                                                  SHA-256:123244ED5C3DFB885F7323BBA16D7A663CE4D6C9264CA6911BE33BF8FE8E7CE6
                                                                                                                  SHA-512:E1471E57EFFD7AD8AD8040179565D4C2BE32DFBC545C71F8E2810D68877B98A44BF26EED842694051C2229359962D8107175ACCAD5A529442CECA92EA74992B9
                                                                                                                  Malicious:false
                                                                                                                  Preview:...m.................DB_VERSION.1.../q...............&QUERY_TIMESTAMP:domains_config_gz2.*.*.13370097250956817..QUERY:domains_config_gz2.*.*..[{"name":"domains_config_gz","url":"https://edgeassetservice.azureedge.net/assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig","version":{"major":2,"minor":8,"patch":76},"hash":"78Xsq/1H+MXv88uuTT1Rx79Nu2ryKVXh2J6ZzLZd38w=","size":374872}]..*.`~...............ASSET_VERSION:domains_config_gz.2.8.76..ASSET:domains_config_gz...{"config": {"token_limit": 1600, "page_cutoff": 4320, "default_locale_map": {"bg": "bg-bg", "bs": "bs-ba", "el": "el-gr", "en": "en-us", "es": "es-mx", "et": "et-ee", "cs": "cs-cz", "da": "da-dk", "de": "de-de", "fa": "fa-ir", "fi": "fi-fi", "fr": "fr-fr", "he": "he-il", "hr": "hr-hr", "hu": "hu-hu", "id": "id-id", "is": "is-is", "it": "it-it", "ja": "ja-jp", "ko": "ko-kr", "lv": "lv-lv", "lt": "lt-lt", "mk": "mk-mk", "nl": "nl-nl", "nb": "nb-no", "no": "no-no", "pl": "pl-pl", "pt": "pt-pt", "ro": "
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):16
                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                  Malicious:false
                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):311
                                                                                                                  Entropy (8bit):5.192006393276426
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:Pn1923oH+Tcwtk2WwnvB2KLll7aAq2P923oH+Tcwtk2WwnvIFUv:PiYebkxwnvFLnXv4YebkxwnQFUv
                                                                                                                  MD5:C07439031DCEEF3E58ECF22229254B37
                                                                                                                  SHA1:4FCF4D42688298F1635782F2DCAC290FB239661F
                                                                                                                  SHA-256:3BB717638068EF2FDBD3B2E437A8B11B5CC9608FF188B3C196F09912F9E0B71A
                                                                                                                  SHA-512:89C8CA18082DBD291E8BE1676FE263D8C4FCFA183592B57260C63C2BD886A0D7029BB4FA23F01685FDECA479DD18D9B8DC9340372A00FB961DF127400AB22042
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:08.779 2180 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db since it was missing..2024/09/06-07:54:09.344 2180 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\EntityExtractionAssetStore.db/MANIFEST-000001.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):41
                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                  Malicious:false
                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):358860
                                                                                                                  Entropy (8bit):5.324620195484958
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6144:CgimBVvUrsc6rRA81b/18jyJNjfvrfM6R3:C1gAg1zfvv
                                                                                                                  MD5:353F5574DE9A25A14B178E52E12906EF
                                                                                                                  SHA1:B5BB8C500E567B58A51585050ED0D5A1612D505F
                                                                                                                  SHA-256:5601D34E6405BB715A2AA09AE2F7AF84BFB8D9EC58F0FD7530B1CC2CDC062F09
                                                                                                                  SHA-512:F3FF473A8E78E4A0D0C8E01FC323AB31731BDD5B4A793B6DC08B94E3D6327DB5D012EE89AF3E829B217DBA51827BED08AECFBA6B47EEB30DA8F21869A07E068D
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"aee_config":{"ar":{"price_regex":{"ae":"(((ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(ae|aed|\\x{062F}\\x{0660}\\x{0625}\\x{0660}|\\x{062F}\\.\\x{0625}|dhs|dh)))","dz":"(((dzd|da|\\x{062F}\\x{062C})\\s*\\d{1,3})|(\\d{1,3}\\s*(dzd|da|\\x{062F}\\x{062C})))","eg":"(((e\\x{00a3}|egp)\\s*\\d{1,3})|(\\d{1,3}\\s*(e\\x{00a3}|egp)))","ma":"(((mad|dhs|dh)\\s*\\d{1,3})|(\\d{1,3}\\s*(mad|dhs|dh)))","sa":"((\\d{1,3}\\s*(sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633}))|((sar\\s*\\x{fdfc}|sar|sr|\\x{fdfc}|\\.\\x{0631}\\.\\x{0633})\\s*\\d{1,3}))"},"product_terms":"((\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{0639}\\x{0631}\\x{0628}\\x{0629})|(\\x{0623}\\x{0636}\\x{0641}\\s*\\x{0625}\\x{0644}\\x{0649}\\s*\\x{0627}\\x{0644}\\x{062D}\\x{0642}\\x{064A}\\x{0628}\\x{0629})|(\\x{0627}\\x{0634}\\x{062A}\\x{0631}\\x{064A}\\s*\\x{0627}\\x{0644}\\x{0622}\\x{0646})|(\\x{062E}\\x{064A}\\x{0627}\\x{0631}
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):418
                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                  MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                  SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                  SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                  SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                  Malicious:false
                                                                                                                  Preview:.f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5................f.5...............
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):324
                                                                                                                  Entropy (8bit):5.215212683466071
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:PBcVq2P923oH+Tcwt8aPrqIFUt82BDgZmw+2BDIkwO923oH+Tcwt8amLJ:Pmv4YebL3FUt82C/+2u5LYebQJ
                                                                                                                  MD5:22784D4AAD3C9BA0A761FC0559E9E8EF
                                                                                                                  SHA1:AFEE5E40897FFBA3CA149183E7F579DD726DFB0F
                                                                                                                  SHA-256:3987B37821EB78944B0FBE70552F200CED47A66D12768BEECBBF9769938A3671
                                                                                                                  SHA-512:AF3DBE5C73131070B23DFFC7E52B2A5F8A5DFCFB665FD6E4E9CA7D0E9DE340A92518F863FCCAD4E08C43F00E2C066F4F5236FAF8A11D82BF0F5F58F7EDC906C9
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:03.385 1d84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/09/06-07:54:03.386 1d84 Recovering log #3.2024/09/06-07:54:03.386 1d84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):324
                                                                                                                  Entropy (8bit):5.215212683466071
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:PBcVq2P923oH+Tcwt8aPrqIFUt82BDgZmw+2BDIkwO923oH+Tcwt8amLJ:Pmv4YebL3FUt82C/+2u5LYebQJ
                                                                                                                  MD5:22784D4AAD3C9BA0A761FC0559E9E8EF
                                                                                                                  SHA1:AFEE5E40897FFBA3CA149183E7F579DD726DFB0F
                                                                                                                  SHA-256:3987B37821EB78944B0FBE70552F200CED47A66D12768BEECBBF9769938A3671
                                                                                                                  SHA-512:AF3DBE5C73131070B23DFFC7E52B2A5F8A5DFCFB665FD6E4E9CA7D0E9DE340A92518F863FCCAD4E08C43F00E2C066F4F5236FAF8A11D82BF0F5F58F7EDC906C9
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:03.385 1d84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/MANIFEST-000001.2024/09/06-07:54:03.386 1d84 Recovering log #3.2024/09/06-07:54:03.386 1d84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Rules/000003.log .
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):418
                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:qTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCTCT:qWWWWWWWWWWWWWWWWWWWWW
                                                                                                                  MD5:BF097D724FDF1FCA9CF3532E86B54696
                                                                                                                  SHA1:4039A5DD607F9FB14018185F707944FE7BA25EF7
                                                                                                                  SHA-256:1B8B50A996172C16E93AC48BCB94A3592BEED51D3EF03F87585A1A5E6EC37F6B
                                                                                                                  SHA-512:31857C157E5B02BCA225B189843CE912A792A7098CEA580B387977B29E90A33C476DF99AD9F45AD5EB8DA1EFFD8AC3A78870988F60A32D05FA2DA8F47794FACE
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):328
                                                                                                                  Entropy (8bit):5.231837567355729
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:PH00Vq2P923oH+Tcwt865IFUt82HDgZmw+2HDIkwO923oH+Tcwt86+ULJ:PH0Mv4Yeb/WFUt82Hc/+2Hc5LYeb/+SJ
                                                                                                                  MD5:548C5605C0DF356638442A0F873330B1
                                                                                                                  SHA1:F8D27BC1F40DC7E1BC0814A138366A5415FFB68D
                                                                                                                  SHA-256:4BF4FECED0B68500DBB9BF44DB75591885A6BB9DB5F10507655BACAF56291094
                                                                                                                  SHA-512:E3D653B8D6E6C98B61F0D7285F2539A250AD0F6AABD3881736DF61B43FDB7F26A64A2CE83C047CF07183E6DA90E318008EA0047C3CD9079944F82A76F150EAE9
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:03.559 1d84 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/MANIFEST-000001.2024/09/06-07:54:03.586 1d84 Recovering log #3.2024/09/06-07:54:03.586 1d84 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension Scripts/000003.log .
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1254
                                                                                                                  Entropy (8bit):1.8784775129881184
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:qWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWWA:
                                                                                                                  MD5:826B4C0003ABB7604485322423C5212A
                                                                                                                  SHA1:6B8EF07391CD0301C58BB06E8DEDCA502D59BCB4
                                                                                                                  SHA-256:C56783C3A6F28D9F7043D2FB31B8A956369F25E6CE6441EB7C03480334341A63
                                                                                                                  SHA-512:0474165157921EA84062102743EE5A6AFE500F1F87DE2E87DBFE36C32CFE2636A0AE43D8946342740A843D5C2502EA4932623C609B930FE8511FE7356D4BAA9C
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):324
                                                                                                                  Entropy (8bit):5.169876446173151
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:Pw3+q2P923oH+Tcwt8NIFUt82jZmw+2TVkwO923oH+Tcwt8+eLJ:Phv4YebpFUt82j/+255LYebqJ
                                                                                                                  MD5:D8D2B72E076281C75A4CCF501917754E
                                                                                                                  SHA1:5D285E7F18BF2784A6579E9B5436DD2DE196F372
                                                                                                                  SHA-256:1B213C62E2F992065FFFB0D4D193984C2F5CCA3C958DB21AA0C027487892325D
                                                                                                                  SHA-512:D6225A2F45EE7E509D69E1BE9C251A73607D6D7261B1FC49FE856AA92C9925C8F12E2719E00663B2D1D905658980219AAC62A7EF1A587F206318D3C0AA836193
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:04.220 1d48 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/MANIFEST-000001.2024/09/06-07:54:04.221 1d48 Recovering log #3.2024/09/06-07:54:04.221 1d48 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Extension State/000003.log .
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):429
                                                                                                                  Entropy (8bit):5.809210454117189
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:Y8U0vEjrAWT0VAUD9lpMXO4SrqiweVHUSENjrAWT0HQQ9/LZyVMQ3xqiweVHlrSQ:Y8U5j0pqCjJA7tNj0pHx/LZ4hcdQ
                                                                                                                  MD5:5D1D9020CCEFD76CA661902E0C229087
                                                                                                                  SHA1:DCF2AA4A1C626EC7FFD9ABD284D29B269D78FCB6
                                                                                                                  SHA-256:B829B0DF7E3F2391BFBA70090EB4CE2BA6A978CCD665EEBF1073849BDD4B8FB9
                                                                                                                  SHA-512:5F6E72720E64A7AC19F191F0179992745D5136D41DCDC13C5C3C2E35A71EB227570BD47C7B376658EF670B75929ABEEBD8EF470D1E24B595A11D320EC1479E3C
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"file_hashes":[{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","6RbL+qKART8FehO4s7U0u67iEI8/jaN+8Kg3kII+uy4=","CuN6+RcZAysZCfrzCZ8KdWDkQqyaIstSrcmsZ/c2MVs="],"block_size":4096,"path":"content.js"},{"block_hashes":["OdZL4YFLwCTKbdslekC6/+U9KTtDUk+T+nnpVOeRzUc=","UL53sQ5hOhAmII/Yx6muXikzahxM+k5gEmVOh7xJ3Rw=","u6MdmVNzBUfDzMwv2LEJ6pXR8k0nnvpYRwOL8aApwP8="],"block_size":4096,"path":"content_new.js"}],"version":2}
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 10, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):20480
                                                                                                                  Entropy (8bit):2.4438824337012277
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:0BCyHF07ExelS9nsH4/AztcIuuoKwgF0iJ:mNHF04lsHXzCIPo1gF0u
                                                                                                                  MD5:BBF39783E44A2AD8D80354793D178A55
                                                                                                                  SHA1:A27CC86D1C2A1147E2729AED7DC6FAFCE2F5F573
                                                                                                                  SHA-256:18D94A8B388DA22D62F64BB12DD2FCD8CC1CAFA3AB207125E43B4198AE562073
                                                                                                                  SHA-512:2FB98BF16836A81D04088EBF309C5712C965E23D719341A974EE356A9A95B1EF3D73B439CB24B94EA7E9A87E0767EBBF87607DDE04E0CD0EBEF922F3FBAF8A53
                                                                                                                  Malicious:false
                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):155648
                                                                                                                  Entropy (8bit):0.676360207566229
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:qF0IP2hH+bDo3iN0Z2TVJkXBBE3ybGF0O:g0IehIU3iGAIBBE3qc0O
                                                                                                                  MD5:9F1DFFFBCA2C3512E7F61E04F9DC0CB2
                                                                                                                  SHA1:B611E5CD7C573EBA83D7712ED99514DB95E39281
                                                                                                                  SHA-256:8D05B5E8D9147AB37A072FC35BE876919F0D59D2C51A5678DC30DB3E8AE80EFB
                                                                                                                  SHA-512:BDFB54C8C158A6E2B8DF9D4212DE860AF113E47FC520B28A8D0159A8692107C1E5989D560EF40717165E37C08BBCB39C6A157C0A21EF8297A2637536030580A3
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):8720
                                                                                                                  Entropy (8bit):0.21848828281205318
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:G/RtFlljq7A/mhWJFuQ3yy7IOWUCQdweytllrE9SFcTp4AGbNCV9RUI1:J75fO1d0Xi99pEYX
                                                                                                                  MD5:99D5F463602E7E5B6380A8DACD3D6378
                                                                                                                  SHA1:7264FC4F4952CAB1CEEA1267FF1D65EBCD2CB962
                                                                                                                  SHA-256:8C6267CE21455AA46D33DB4CD4692970EE4043C984E71AB97ADEA735D8CDFEE0
                                                                                                                  SHA-512:A37B5AB702BB9931C2ADB1B1EA1BC85B85705477C043F8F3C84F4E01D583BEDE047F38ED13250F56CFFF6250FA19F7E2B579840E2F6D69061932524B45BB4AC5
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text, with very long lines (1597), with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):115717
                                                                                                                  Entropy (8bit):5.183660917461099
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:utDURN77GZqW3v6PD/469IxVBmB22q7LRks3swn0:utAaE2Jt0
                                                                                                                  MD5:3D8183370B5E2A9D11D43EBEF474B305
                                                                                                                  SHA1:155AB0A46E019E834FA556F3D818399BFF02162B
                                                                                                                  SHA-256:6A30BADAD93601FC8987B8239D8907BCBE65E8F1993E4D045D91A77338A2A5B4
                                                                                                                  SHA-512:B7AD04F10CD5DE147BDBBE2D642B18E9ECB2D39851BE1286FDC65FF83985EA30278C95263C98999B6D94683AE1DB86436877C30A40992ACA1743097A2526FE81
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "current_locale": "en-GB",.. "hub_apps": [ {.. "auto_show": {.. "enabled": true,.. "fre_notification": {.. "enabled": true,.. "header": "Was opening this pane helpful to you?",.. "show_count": 2,.. "text": "Was opening this pane helpful to you?".. },.. "settings_description": "We'll automatically open Bing Chat in the sidebar to show you relevant web experiences alongside your web content",.. "settings_title": "Automatically open Bing Chat in the sidebar",.. "triggering_configs|flight:msHubAppsMsnArticleAutoShowTriggering": [ {.. "show_count_basis": "signal",.. "signal_name": "IsMsnArticleAutoOpenFromP1P2",.. "signal_threshold": 0.5.. } ],.. "triggering_configs|flight:msUndersidePersistentChat": [ {.. "signal_name": "IsUndersidePersistentChatLink",.. "signal_threshold": 0.5.. } ],.. "triggering_co
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 11, cookie 0x3, schema 4, UTF-8, version-valid-for 6
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):45056
                                                                                                                  Entropy (8bit):3.9180837648973172
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:jj9P0L773pLHjlgQkQerGcIgam6IkP/Kbt/RKToaADhf:jde7llge2p/UP/iRKc39
                                                                                                                  MD5:9EF199BFBE4BC0F4743D890950B15078
                                                                                                                  SHA1:79DB9096E6ED99C9B6FD60CEBF873729460DDBC5
                                                                                                                  SHA-256:80EE70AD9EFC207D4994B4A75ECE905EF3DD9A9B43C86A6BE8B56EED27A22F6B
                                                                                                                  SHA-512:BCD66BF50B6659F62DC5A4EF95522ECE7E77F2210A1DE1219F3FE63944B678A1DD0FB6FCD34B41514F4CEA988EDD17CE85940FD45C8F3F626EC4DFD10211B048
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):408
                                                                                                                  Entropy (8bit):5.262415764116384
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:P1M+v4Yeb8rcHEZrELFUt82Dm/+2DpMV5LYeb8rcHEZrEZSJ:X4Yeb8nZrExg8aLYeb8nZrEZe
                                                                                                                  MD5:0C23EF50F811F8A80AAF349739EC5D60
                                                                                                                  SHA1:304FD7490976031C43FEF06F3DF938C4223111E6
                                                                                                                  SHA-256:3F5C0CBB390D715BB69ADD1797B4BD072AB24BF9649ED61CF1A7434309927221
                                                                                                                  SHA-512:5028EEF7D069B6B1F3FE92B562D3A0F56DDEC2F87C9D44487D6DBB120E40131F39DE891AC5B8BBE322021BE6E6393DEAF1E1F5E79BC41E74A0BC62D6B184D43F
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:08.219 1cfc Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/MANIFEST-000001.2024/09/06-07:54:08.220 1cfc Recovering log #3.2024/09/06-07:54:08.220 1cfc Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\jdiccldimpdaibmpdkjnbmckianbfold/000003.log .
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):336
                                                                                                                  Entropy (8bit):5.19736469940619
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:PFF+q2P923oH+Tcwt8a2jMGIFUt82F7Zmw+2F83VkwO923oH+Tcwt8a2jMmLJ:P6v4Yeb8EFUt82d/+2aF5LYeb8bJ
                                                                                                                  MD5:04228522062464B12C9F0E31F476F776
                                                                                                                  SHA1:6C3D3A4B762A96CBB11134503327AAAD78EAC1AE
                                                                                                                  SHA-256:BB09FDC8989253BF28570674E7BA96DFB51A871B20B1EB335B9494066FFA4BCA
                                                                                                                  SHA-512:316A412B2057F3116BC9033056AD49B0DA7C3AC5068D1F1131E09A3A320B41BF9F7E9698C9CF991A423E7695FB03CFCD350400E1B682370E5AFCBE0827021FE7
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:03.748 1e68 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/MANIFEST-000001.2024/09/06-07:54:03.751 1e68 Recovering log #3.2024/09/06-07:54:03.758 1e68 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb/000003.log .
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 6, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):24576
                                                                                                                  Entropy (8bit):0.4032171889473577
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:TLiCwbvwsw9VwLwcORslcDw3wJ6UwccI5fB5IwsdOn:TxKX0wxORAmA/U1cEB5IjdO
                                                                                                                  MD5:84EDD829190D5A65F9DB9ECB22CD712F
                                                                                                                  SHA1:943EB66C1D878DAF94F197F1FE9DFACCF02FF773
                                                                                                                  SHA-256:D76326CA1ADF1DAE45D3CE2A8D2604A90E84D0755395B74B2D5A9A66B148D2FD
                                                                                                                  SHA-512:8FE224555F4507641820A47B0631DB28248D802ECD0DE65898741C589E5E1344D5D7039489A39934E698FC99DCF3EBAED43E4695880D3D4C592CE3B7E310767B
                                                                                                                  Malicious:false
                                                                                                                  Preview:SQLite format 3......@ ...
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2950
                                                                                                                  Entropy (8bit):5.31091314900485
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:YcgCzsHtsN0gs8fc7leeEsHJaZkEsY4RsLCpHqsv/+HYsr+HIes14bx9+:Fchk2kerJaZk844IF/4L4e4V9+
                                                                                                                  MD5:5A5E66D4C36BAD8EB3DEB2296FD2621D
                                                                                                                  SHA1:9BFB8292E88350014C3804163759DF57A02DF3E9
                                                                                                                  SHA-256:00C826406068DECFAF7B7D743EC252FCD62C816326E115504AD6CA4C1E7F5BF6
                                                                                                                  SHA-512:83E5A397EC3D4913B3D7500AAD52FEAE24678859B0A5D237E56E0C445D378A679976C37B59D9812FFFA446E961D0A05F803D7C63AB07447DE7105CDB54D00DB3
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372689245455900","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372689248134403","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372689249395238","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"s
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2
                                                                                                                  Entropy (8bit):1.0
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:H:H
                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                  Malicious:false
                                                                                                                  Preview:[]
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):2950
                                                                                                                  Entropy (8bit):5.311204292060925
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:YcgCzsHtsN0gs8fc7leeEsHJaZkEsY4RsLCpHqsv/+HYsr+HIes14bxo+:Fchk2kerJaZk844IF/4L4e4Vo+
                                                                                                                  MD5:BEE5C596C25DA26F134CE6EAE8B18391
                                                                                                                  SHA1:1F52024C4911C8C967F285CDCB2F6B8F4D43783C
                                                                                                                  SHA-256:4136C40A19E69E4F1F187228BE687B7F79A0C3F8EEDB082757CE9646EB5B3F34
                                                                                                                  SHA-512:19ECC9DE38C892EC1DA92BDABE8569B2423BD7361161171596CF3BD492DCD58903EED26D53B69D1824428D19FC97EF427734B616EC93B78F88CC3202B4CE3720
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372689245455900","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372689248134403","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://fonts.gstatic.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13372689249395238","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"s
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):40
                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):188
                                                                                                                  Entropy (8bit):5.273444552732674
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YWRAWNjYJTBJTBPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZcdJo6:YWyWNsdBJTBBv31dB8wXwlmUUAnIMp5Q
                                                                                                                  MD5:5796DBF45D2A6B6C4723B9DF11672F93
                                                                                                                  SHA1:CE240AD26605190D069906D52051DE0F5B62A623
                                                                                                                  SHA-256:34B6927390134CBA21E540E986F1CB3AE9F698663982E3312A2FF6E0233AFF7F
                                                                                                                  SHA-512:3BC31B4E1375D9132B9EE9A3E32BF3C73484DC910CC2C64EDCE0FC450DDFC403C85C3A88F5C3180114A951D54DDF65AA8E043CDECA1FEEF52C87BF5ABC9EC427
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"sts":[{"expiry":1757159653.277152,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725623653.277157}],"version":2}
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):187
                                                                                                                  Entropy (8bit):5.299936252953075
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YWRAWNjYJSUG4QXDBPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZiM:YWyWNsDQTBBv31dB8wXwlmUUAnIMp5YM
                                                                                                                  MD5:8D77F190B99D695187663D27F94B16F8
                                                                                                                  SHA1:63367C5FB72886EE85A9B0FBE2C667D3E7DDBA17
                                                                                                                  SHA-256:DAF13B71FD8B364EFFE36B3CA2787EDF40FE990BF3D81FEE75B60D85E4987064
                                                                                                                  SHA-512:9A834BFA8B4AD8E47ECF730E469917071F8A7F262A706E6D5F9A8BB34991D6014710563F25A8986749CEC0A714E23E55E375F79B4B527BBDE923DDC3828DBCB7
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"sts":[{"expiry":1757159713.330752,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725623713.33076}],"version":2}
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):20480
                                                                                                                  Entropy (8bit):1.0818684883177236
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:T2dKLopF+SawLUO1Xj8BmkjaBjl22oH75/HPeUqOFyPr:ige+Aumk+NytGUor
                                                                                                                  MD5:DB813AD90202A85A48CAF2935323FD82
                                                                                                                  SHA1:447529A83968B8574BC6A7F72642D3B15E9BEF39
                                                                                                                  SHA-256:84D98393A563A3BDA68588B8516F71BC4D1D9B2B9B1BE94C3AC2AE7286786FC6
                                                                                                                  SHA-512:0688C46D971F3DBBA779D31352974C097207B114341F61C52893A98955B7CB70CA2ACC4DF6D0B93F19F72FADD63E180A77729C26237662EB13F1D343CB61B319
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1419
                                                                                                                  Entropy (8bit):5.336110615415376
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:YXsJZVMdmRdsBjZFRudFGRw6ma3yeesRds1yZFGJ/I3w6C1E6maPsQYhbxP7np+:YXs/tsbfc7leeEscgCgakhYhbx9+
                                                                                                                  MD5:7D870539B6C4EE40FA5CFD87A3D4BFEC
                                                                                                                  SHA1:F45BE07A3A05615856688219AFE6713EBABBAC2C
                                                                                                                  SHA-256:73513F7A38830E47624257EF04A4F73BF174FD1FEBAC172AA416BF6470930F90
                                                                                                                  SHA-512:90EABCE74F8CBB5FF1F96566E1293887BB3DB36C9E32F6C619D1EC7C9AAE504221CDEC2DD1468915A0A06A65E472C5446731838C89E665EBD9FA114F12261327
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492604479295","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABIAAABodHRwczovL2dvb2dsZS5jb20AAA==",false],"server":"https://clients2.google.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492605127283","port":443,"protocol_str":"quic"}],"anonymization":["JAAAAB0AAABodHRwczovL2dvb2dsZXVzZXJjb250ZW50LmNvbQAAAA==",false],"server":"https://clients2.googleusercontent.com","supports_spdy":true},{"anonymization":["HAAAABUAAABodHRwczovL21pY3Jvc29mdC5jb20AAAA=",false],"server":"https://msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com","supports_spdy":true},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13343492606741506","port":443,"protocol_str":"quic"}],"anonymization":["IAAAABoAAABodHRwczovL3d3dy5nb29nbGVhcGlzLmNvbQAA",false],"server":"https://www.googleapis.com","supports_spdy":true},{"anonymizatio
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 6, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):36864
                                                                                                                  Entropy (8bit):1.3296031285135868
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:uIEumQv8m1ccnvS6MDo2dQF2YQ9UZm14/WxRVkI:uIEumQv8m1ccnvS65282rUZmGWld
                                                                                                                  MD5:BC11E57F8D242DE7AEDD5CFE515636DA
                                                                                                                  SHA1:F855FE0159F980A9633BE125FBF34F7C9827DCAE
                                                                                                                  SHA-256:84F076672731CE763BD641FE5FABB19D0526B337DAE1F25C2570CCC5F55CDFCC
                                                                                                                  SHA-512:37EDF9F737D9E0C8C73B7335B05355F5F327AFBAEBDE9CAC704B98B43C2196B3578D9ED5BF290B10D48B406BB177F69BBC54AEC790CB751CBC6C82A1DDB9142C
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2
                                                                                                                  Entropy (8bit):1.0
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:H:H
                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                  Malicious:false
                                                                                                                  Preview:[]
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):40
                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):188
                                                                                                                  Entropy (8bit):5.273444552732674
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YWRAWNjYJTBJTBPI0omRSSXmQh3wYHGKB8HQXwlm9yJUA6XcIR6RX77XMqZcdJo6:YWyWNsdBJTBBv31dB8wXwlmUUAnIMp5Q
                                                                                                                  MD5:5796DBF45D2A6B6C4723B9DF11672F93
                                                                                                                  SHA1:CE240AD26605190D069906D52051DE0F5B62A623
                                                                                                                  SHA-256:34B6927390134CBA21E540E986F1CB3AE9F698663982E3312A2FF6E0233AFF7F
                                                                                                                  SHA-512:3BC31B4E1375D9132B9EE9A3E32BF3C73484DC910CC2C64EDCE0FC450DDFC403C85C3A88F5C3180114A951D54DDF65AA8E043CDECA1FEEF52C87BF5ABC9EC427
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"sts":[{"expiry":1757159653.277152,"host":"8/RrMmQlCD2Gsp14wUCE1P8r7B2C5+yE0+g79IPyRsc=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1725623653.277157}],"version":2}
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):20480
                                                                                                                  Entropy (8bit):0.7391107375212417
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:TLSnAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isvhldvd0dtdjiG1d6XfN:TLSOUOq0afDdWec9sJAhvlXI7J5fc
                                                                                                                  MD5:A74BFDCBFB880F469AD54BEF7B1B0C88
                                                                                                                  SHA1:0012DD82FEB43839A30557EAF9E8DB2EB7259142
                                                                                                                  SHA-256:63DFF3D10BF10F8F5326776956AF6DE1463CF0A14792C4451D4A76EFA1BF4BA2
                                                                                                                  SHA-512:203FC220BF05344052340CCC6F77233669C200FDC6596EEE6F5D1E2203328D7D116BF07DE664D1D60EA2CD96F006406A9F0A2035BFAA86C93A103193E6EA4583
                                                                                                                  Malicious:false
                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):13115
                                                                                                                  Entropy (8bit):5.2876881563264115
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:stNPGKSumsRelfOfhPQbGjpQx6WVaTYAQ:s7OxuqlGfubGWxhaTYAQ
                                                                                                                  MD5:EE07B640C37AE1895809FEDABD163BB5
                                                                                                                  SHA1:D0EA0948F912164C13BDBD866BE8E3976D471A2B
                                                                                                                  SHA-256:3940F66959EAB266BE08EF54D8087598D09A521DE8F0AA600DE3C20F050B38E3
                                                                                                                  SHA-512:76C036BD33D51DEF8E78CDB7DAFA8D8A95CD4ACCC9A47A5EA1F30DBBADD0514143106C99AB03AF12344293E21181A8E8329410EE85BDB25521FA3617E19145AB
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370097243992551","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):16
                                                                                                                  Entropy (8bit):3.2743974703476995
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                  MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                  SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                  SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                  SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                  Malicious:false
                                                                                                                  Preview:MANIFEST-000001.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):83572
                                                                                                                  Entropy (8bit):5.664213273903742
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:DL0/Ry7vm2lhq4ljc+PjfOzBu+RMDVogUlcPCcBjjmny8dLA8j7baD7:DL6yLm2fq4pc+rCAogU2CcBjj3YAg7mn
                                                                                                                  MD5:6EE11965061577135FA75C792E1AD2F5
                                                                                                                  SHA1:192A75A2013B67F435893CB7BD7BDE1E005AFFB7
                                                                                                                  SHA-256:5C6DD07A406F21539D5A472D1019935B3A36636F2DB00EB24CE5C185C2B07485
                                                                                                                  SHA-512:656924D9EA3EB46542A6A4B93EEF2DB28116C61D9D83E693F458FD570F766D1700C97FD46230CC265B46B8EA2358FB7AB6F1F4AD3F775338E13A0059038D7D45
                                                                                                                  Malicious:false
                                                                                                                  Preview:...m.................DB_VERSION.1...^j...............(QUERY_TIMESTAMP:product_category_en1.*.*.13370097253616991..QUERY:product_category_en1.*.*..[{"name":"product_category_en","url":"https://edgeassetservice.azureedge.net/assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories","version":{"major":1,"minor":0,"patch":0},"hash":"r2jWYy3aqoi3+S+aPyOSfXOCPeLSy5AmAjNHvYRv9Hg=","size":82989}]...yg~..............!ASSET_VERSION:product_category_en.1.0.0..ASSET:product_category_en...."..3....Car & Garage..Belts & Hoses.#..+....Sports & Outdoors..Air Pumps.!.."....Car & Garage..Body Styling.4..5./..Gourmet Food & Chocolate..Spices & Seasonings.'..,."..Sports & Outdoors..Sleeping Gear.!..6....Lawn & Garden..Hydroponics.9.a.5..Books & Magazines. Gay & Lesbian Interest Magazines....+....Office Products..Pins.,..3.'..Kitchen & Housewares..Coffee Grinders.$..#....Computing..Enterprise Servers.#..&....Home Furnishings..Footboards.6...2..Books & Magazines..Computer & Internet Magazines.)..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):307
                                                                                                                  Entropy (8bit):5.200346298588268
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:PoX8q+q1923oH+TcwtgctZQInvB2KLlloXXwQL+q2P923oH+TcwtgctZQInvIFUv:PmmYebgGZznvFLncwQyv4YebgGZznQF2
                                                                                                                  MD5:8446D3489DC6FC20FA5AC53851A0FDE6
                                                                                                                  SHA1:999A841D8CCC266FD9E9172FA7654D1C31FB5176
                                                                                                                  SHA-256:1E8E0EFB8B34F932735E122996A384A62D44D78EAA3F65039544D7BECEBBCF1B
                                                                                                                  SHA-512:F28E3C7F8A8FA93EC44D6BA3551994C4A306DA56752ADAC403F1CFAFB85D6E78034072A33E1057F8F6F73696B02C4C937C5B974386DB8E9478F6BC0422CF415B
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:12.863 da8 Creating DB C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db since it was missing..2024/09/06-07:54:12.951 da8 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\PriceComparisonAssetStore.db/MANIFEST-000001.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:OpenPGP Secret Key
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):41
                                                                                                                  Entropy (8bit):4.704993772857998
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                  MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                  SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                  SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                  SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                  Malicious:false
                                                                                                                  Preview:.|.."....leveldb.BytewiseComparator......
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):37149
                                                                                                                  Entropy (8bit):5.564000762477264
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:eYltYrWP+EfPg8F1+UoAYDCx9Tuqh0VfUC9xbog/OVsTvAec+rwMGaoqKpEtuW:eYltYrWP+EfPgu1jaVTvFcbMGaBdtB
                                                                                                                  MD5:DDCD69FAE1F8C904EE441F6AE7190B75
                                                                                                                  SHA1:86907877294FF59DC03238407F62B29DC48D59BF
                                                                                                                  SHA-256:29BD0C05BF09A0E88F9B00482643C0B4FF9194689D23520229EBF1B15A978525
                                                                                                                  SHA-512:D636963D0C98732A3B31CCF28BB4A88F9A99D2F6C44FF5F285FF671FD306B09BDC9D1453EF4CECDF29EF98213D401A10EE3B570A75EC0551ED37D35D497C1EC7
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370097243326854","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370097243326854","location":5,"ma
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):440
                                                                                                                  Entropy (8bit):4.625655635891451
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:S+a8ljljljljlLW/UdPma+CDQ3dPmPnGz3A/XkAvkAvkAv:Ra0ZZZZi/Ud58dYG0Xk8k8k8
                                                                                                                  MD5:D05EA1D72AB9924FCEA71327EBDBD8A1
                                                                                                                  SHA1:F1E5F92EF75F8CCC8622272DF58CDC1D539B4B1B
                                                                                                                  SHA-256:50CC65AAFF5F053FDA14A07FB44CDAD52FF408DCCC553652D47461C96DB6824C
                                                                                                                  SHA-512:D5C74472800B71B5935651260F7165B6A1B86424CDF0A73EE22D40353A8BC8D5AF63BB58CC7E21543E3C7DA3EE6FC955FA17B7847FB0644E402EDA77847A4C27
                                                                                                                  Malicious:false
                                                                                                                  Preview:*...#................version.1..namespace-..&f.................&f.................&f.................&f.................&f...............i9..j................next-map-id.1.Knamespace-7823c472_b53e_4fd1_b68e_83e885d32efc-https://accounts.google.com/.0f.k................next-map-id.2.Lnamespace-7823c472_b53e_4fd1_b68e_83e885d32efc-https://accounts.youtube.com/.1. .................. .................. .................. .................
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):324
                                                                                                                  Entropy (8bit):5.159750780864595
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:PLMN+q2P923oH+TcwtrQMxIFUt82L6Zmw+2yHNVkwO923oH+TcwtrQMFLJ:PLVv4YebCFUt82L6/+2qz5LYebtJ
                                                                                                                  MD5:2042DCAB63911F60695957C065FF9FA8
                                                                                                                  SHA1:9932333EB3FCC2004868641EE4D813056B8508EA
                                                                                                                  SHA-256:7F10766369E1A2D1F837BE3E12C46EADD54C7D247FA57E0E74B0880E0407EA39
                                                                                                                  SHA-512:F960D08BA2A88631D7DCF880B175896EB3571ECBAC850B0C8692D0BE9E2DC4EC0AE7E94A5CA684C0ABBEE67E8D942D2B2B3735CCEF0849765571BC600159C40C
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:03.932 1e68 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/MANIFEST-000001.2024/09/06-07:54:03.934 1e68 Recovering log #3.2024/09/06-07:54:04.065 1e68 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage/000003.log .
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):9281
                                                                                                                  Entropy (8bit):4.082349979574246
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:3FpXOR1F0V3P+/NF0v3P+/lF0E3MgePH3P+/1:ORD0N+/r03+/z0Ea+/1
                                                                                                                  MD5:3B39C8D34460C493F1CC1304228D6F65
                                                                                                                  SHA1:68CFBC42F8A36444C77F43A910B40B3B8E5E48FB
                                                                                                                  SHA-256:A96D45BD2A8A5C353702024498358995F10702A3FE07F58BC0165FCE3F75CF02
                                                                                                                  SHA-512:EEBEDD21640063556E2A640EB082B6A0CEFAF5FC694C4BAC8261E90DC478BCBE0D54F972BECB8D6F14770DEBD98516AD4786E91D69D2DCCA544357E4AA17FC31
                                                                                                                  Malicious:false
                                                                                                                  Preview:SNSS........x.............x.......".x.............x.........x.........x.........x.....!...x.................................x..x.1..,....x.$...7823c472_b53e_4fd1_b68e_83e885d32efc....x.........x................x.....x.........................x.....................5..0....x.&...{98952893-68FF-4A5D-A164-705C709ED3DB}......x.........x.............................x.................x.o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium....117.....Google Chrome.......117.........Not;A=Brand.....8.0.0.0.....Chromium....117.0.5938.132......Google Chrome.......117.0.5938.132......117.0.5938.132......Windows.....10.0.0......x86.............64.....................x.................x.o...Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36.........................Not;A=Brand.....8.......Chromium...
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):20480
                                                                                                                  Entropy (8bit):0.44194574462308833
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:TLiNCcUMskMVcIWGhWxBzEXx7AAQlvsdFxOUwa5qgufTJpbZ75fOS:TLisVMnYPhIY5Qlvsd6UwccNp15fB
                                                                                                                  MD5:B35F740AA7FFEA282E525838EABFE0A6
                                                                                                                  SHA1:A67822C17670CCE0BA72D3E9C8DA0CE755A3421A
                                                                                                                  SHA-256:5D599596D116802BAD422497CF68BE59EEB7A9135E3ED1C6BEACC48F73827161
                                                                                                                  SHA-512:05C0D33516B2C1AB6928FB34957AD3E03CB0A8B7EEC0FD627DD263589655A16DEA79100B6CC29095C3660C95FD2AFB2E4DD023F0597BD586DD664769CABB67F8
                                                                                                                  Malicious:false
                                                                                                                  Preview:SQLite format 3......@ ..........................................................................j..........g....."....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):352
                                                                                                                  Entropy (8bit):5.161393407960033
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:PPL4q2P923oH+Tcwt7Uh2ghZIFUt82aNJZmw+2aNDkwO923oH+Tcwt7Uh2gnLJ:Pj4v4YebIhHh2FUt82aNJ/+2aND5LYeQ
                                                                                                                  MD5:78C29D834B8E1897710F7A75B4606264
                                                                                                                  SHA1:CE778C56EB5A702E96A132B16331A06FE8903B3E
                                                                                                                  SHA-256:D68788805787C2B937D7669CB7B9FC46CA37D0697E31503842CD0622C745BD2B
                                                                                                                  SHA-512:23DEF7C66B01A029C0503ADA0ED866968A2FE17374C472FE896F3F043E251B2BC1A4E8182C683B8EAE462C618B4933DC7BB5094A09468BCE02F367909DE1E692
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:03.473 1d64 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/MANIFEST-000001.2024/09/06-07:54:03.476 1d64 Recovering log #3.2024/09/06-07:54:03.476 1d64 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database/000003.log .
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):270336
                                                                                                                  Entropy (8bit):0.0012471779557650352
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                  MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                  SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                  SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                  SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                  Malicious:false
                                                                                                                  Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):434
                                                                                                                  Entropy (8bit):5.242755080407474
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:PfOv4YebvqBQFUt82sF/+2J5LYebvqBvJ:3M4YebvZg8rLYebvk
                                                                                                                  MD5:1F7211A9761C43CCF8AB2E12F966023F
                                                                                                                  SHA1:8911493D3BB35F451017B46DACEE841FE3CB619A
                                                                                                                  SHA-256:B8A5B0FCE1E33F84B7913CC627AC0BA9938840A1F424088055A96E2E5DF6AC34
                                                                                                                  SHA-512:D97677C6BC1BCDE8B14A99F804229097E6238A0D194C42A487099ADFAC70FBC2E71282BC5DE6D55B1C3243FA0277447C4BD19984994E93DAE15DA92B4ED1F1FE
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:04.422 1e68 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/MANIFEST-000001.2024/09/06-07:54:04.423 1e68 Recovering log #3.2024/09/06-07:54:04.426 1e68 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Local Storage\leveldb/000003.log .
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2
                                                                                                                  Entropy (8bit):1.0
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:H:H
                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                  Malicious:false
                                                                                                                  Preview:[]
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):144
                                                                                                                  Entropy (8bit):4.842082263530856
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiBn1KKyRY:YHpoeS7PMVKJTnMRK3B1KF+
                                                                                                                  MD5:F32592F4926E25E0D647EA7E4CBCD3FE
                                                                                                                  SHA1:4126DAA71810BDC438563699F77D5DA66DD3295E
                                                                                                                  SHA-256:BB0A228D78AE9A4E3508B13B041710AAA7E658AAA526FA553719851EB4F2303A
                                                                                                                  SHA-512:96F9B027B0E7E44E14006EAC6DE05A6CF684F5D6427004737CC379DC02875FA1D65C422AB6CA0EF89C0555ACD12B1D99F552894F15EE9EAF1A203FE58835A35D
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):144
                                                                                                                  Entropy (8bit):4.842082263530856
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                                                  MD5:ABE81C38891A875B52127ACE9C314105
                                                                                                                  SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                                                  SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                                                  SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):144
                                                                                                                  Entropy (8bit):4.842082263530856
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                                                  MD5:ABE81C38891A875B52127ACE9C314105
                                                                                                                  SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                                                  SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                                                  SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):144
                                                                                                                  Entropy (8bit):4.842082263530856
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                                                  MD5:ABE81C38891A875B52127ACE9C314105
                                                                                                                  SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                                                  SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                                                  SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):144
                                                                                                                  Entropy (8bit):4.842082263530856
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                                                  MD5:ABE81C38891A875B52127ACE9C314105
                                                                                                                  SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                                                  SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                                                  SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2
                                                                                                                  Entropy (8bit):1.0
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:H:H
                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                  Malicious:false
                                                                                                                  Preview:[]
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2
                                                                                                                  Entropy (8bit):1.0
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:H:H
                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                  Malicious:false
                                                                                                                  Preview:[]
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2
                                                                                                                  Entropy (8bit):1.0
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:H:H
                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                  Malicious:false
                                                                                                                  Preview:[]
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):40
                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):36864
                                                                                                                  Entropy (8bit):0.3886039372934488
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                  MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                  SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                  SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                  SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                  Malicious:false
                                                                                                                  Preview:SQLite format 3......@ ...
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):40
                                                                                                                  Entropy (8bit):4.1275671571169275
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                  MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                  SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                  SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                  SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"SDCH":{"dictionaries":{},"version":2}}
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2
                                                                                                                  Entropy (8bit):1.0
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:H:H
                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                  Malicious:false
                                                                                                                  Preview:[]
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2
                                                                                                                  Entropy (8bit):1.0
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:H:H
                                                                                                                  MD5:D751713988987E9331980363E24189CE
                                                                                                                  SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                  SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                  SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                  Malicious:false
                                                                                                                  Preview:[]
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):144
                                                                                                                  Entropy (8bit):4.842082263530856
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKqkomn1KKyRY:YHpoeS7PMVKJTnMRKXkh1KF+
                                                                                                                  MD5:ABE81C38891A875B52127ACE9C314105
                                                                                                                  SHA1:8EDEBDDAD493CF02D3986A664A4AD1C71CCEBB5F
                                                                                                                  SHA-256:6D398F9EB5969D487B57E1C3E1EDDE58660545A7CE404F6DA40C8738B56B6177
                                                                                                                  SHA-512:B90DC0E50262ECB05FE1989FA3797C51DF92C83BE94F28FE020994ED6F0E1365EB5B9A0ADA68FCFD46DADEDB6F08FA0E57FF91AA12ED88C3D9AE112FF74329F2
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"3G","CAYSABiAgICA+P////8B":"Offline"}}}
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):80
                                                                                                                  Entropy (8bit):3.4921535629071894
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:S8ltHlS+QUl1ASEGhTFljl:S85aEFljl
                                                                                                                  MD5:69449520FD9C139C534E2970342C6BD8
                                                                                                                  SHA1:230FE369A09DEF748F8CC23AD70FD19ED8D1B885
                                                                                                                  SHA-256:3F2E9648DFDB2DDB8E9D607E8802FEF05AFA447E17733DD3FD6D933E7CA49277
                                                                                                                  SHA-512:EA34C39AEA13B281A6067DE20AD0CDA84135E70C97DB3CDD59E25E6536B19F7781E5FC0CA4A11C3618D43FC3BD3FBC120DD5C1C47821A248B8AD351F9F4E6367
                                                                                                                  Malicious:false
                                                                                                                  Preview:*...#................version.1..namespace-..&f.................&f...............
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):422
                                                                                                                  Entropy (8bit):5.2567937832829505
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:PA4v4YebvqBZFUt82ADuZ/+2AOF5LYebvqBaJ:B4Yebvyg8luBLYebvL
                                                                                                                  MD5:70173E4801A07308F327CA520D28320F
                                                                                                                  SHA1:3C464E41E2FB5C272071F78965413EC3F87F8359
                                                                                                                  SHA-256:9E6245F3E6589B6BB7BC9A24593A88F123D682ED2E230ABD58000670DEE8BBB6
                                                                                                                  SHA-512:D1B831A61B2F56C89A8F0A836278FD300D888B8B146C4B3D7150538F4393B120D3B061C1ABEC8D88BA25775B72856C8DA4311FBD873348D60E3AB479185AFE10
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:22.526 1e68 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/MANIFEST-000001.2024/09/06-07:54:22.527 1e68 Recovering log #3.2024/09/06-07:54:22.530 1e68 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Storage\ext\ihmafllikibpmigkcoadcmckbfhibefp\def\Session Storage/000003.log .
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):328
                                                                                                                  Entropy (8bit):5.219126009945764
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:P+jyq2P923oH+TcwtpIFUt82+11Zmw+2fRkwO923oH+Tcwta/WLJ:PWyv4YebmFUt82u/+2fR5LYebaUJ
                                                                                                                  MD5:4A73514239ADD64B23A39A1FABFBCFCD
                                                                                                                  SHA1:456EA4C171836536FEF8117FAFA3BF549A7905A4
                                                                                                                  SHA-256:FA056D7503EAD46D290383CBC668928055F2B755BBC0C1675A5A06DB9B9A1533
                                                                                                                  SHA-512:D6E57D2E82BF635052E892D2B82E71C9FB05CD5604482DDE3DE70810D0D8BC762977E8AEFF348ACADD7BB8968BF5E096E5F584125A3725EB298AF555D0B55133
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:03.471 1d54 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/MANIFEST-000001.2024/09/06-07:54:03.471 1d54 Recovering log #3.2024/09/06-07:54:03.472 1d54 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB/000003.log .
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):131072
                                                                                                                  Entropy (8bit):0.005582420312713277
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:ImtVF+R5I/gvlllk8wHltl:IiVEYgvC8wFtl
                                                                                                                  MD5:C210F2C851604345F12B8B0848F174B2
                                                                                                                  SHA1:DBC4CFAEA79BA1F392319A4AFF51C83C438D5D5D
                                                                                                                  SHA-256:2BCF466740C82739BDB745622707184502A11BE1EFA1DD5AE24D251ADB29380B
                                                                                                                  SHA-512:32CE822616E9952CCFF5A4977C78385BE1EE383D39F6775E082818B353EBA3263C233A30B9937D4CDAA3BFB105F8928DD7FFD8087A592226D706B697FD6E3808
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 10, database pages 91, cookie 0x36, schema 4, UTF-8, version-valid-for 10
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):196608
                                                                                                                  Entropy (8bit):1.2650783602871667
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:8/2qOB1nxCkMdtSAELyKOMq+8yC8F/YfU5m+OlTLVumK:Bq+n0JH9ELyKOMq+8y9/OwJ
                                                                                                                  MD5:BA3AF3836068BC72ED121E91EC8C9FC7
                                                                                                                  SHA1:BC4DCFF2ABDAB617D7B24C2FE6676639E23C0617
                                                                                                                  SHA-256:6D44DDBBE9A83384497FAC4C79EE7D31F77EBDCE9B08697A6764233C0590DBC1
                                                                                                                  SHA-512:34A9867493FDDAEDF794A1B68C6D16FAFAD4C99BB7803A6569C795D45531486859512E3D5B678B68147FE1215AB2B738C30BD73E494A8F8D20A01E9500296ACE
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 11, database pages 7, cookie 0xb, schema 4, UTF-8, version-valid-for 11
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):14336
                                                                                                                  Entropy (8bit):1.412987895560518
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:fK3tjkSdj5IUltGhp22iSBg92RyWV0hJck102RyWV0hXxj/:ftSjGhp22iS1F0wkFF0j
                                                                                                                  MD5:F817F2C47DA8704C5077584382294FBD
                                                                                                                  SHA1:808D985022F271882B64A51E818476F8BC8D40DA
                                                                                                                  SHA-256:538549BC06F25C00D8327971FA657D6E79540A3B554114602D26067303ECADF8
                                                                                                                  SHA-512:E04B390D6964D75D8D6C27C3887D6B20488D4D1BBBEDA92497F776571F39DC61A3F76BD23980FA3D5EF1235EBFC47985E97AD1B7F2A079BAE86C2DFC30F31FA6
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):40960
                                                                                                                  Entropy (8bit):0.41235120905181716
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcB:v7doKsKuKZKlZNmu46yjx
                                                                                                                  MD5:981F351994975A68A0DD3ECE5E889FD0
                                                                                                                  SHA1:080D3386290A14A68FCE07709A572AF98097C52D
                                                                                                                  SHA-256:3F0C0B2460E0AA2A94E0BF79C8944F2F4835D2701249B34A13FD200F7E5316D7
                                                                                                                  SHA-512:C5930797C46EEC25D356BAEB6CFE37E9F462DEE2AE8866343B2C382DBAD45C1544EF720D520C4407F56874596B31EFD6822B58A9D3DAE6F85E47FF802DBAA20B
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text, with very long lines (3951), with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):11755
                                                                                                                  Entropy (8bit):5.190465908239046
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:hH4vrmqRBB4W4PoiUDNaxvR5FCHFcoaSbqGEDI:hH4vrmUB6W4jR3GaSbqGEDI
                                                                                                                  MD5:07301A857C41B5854E6F84CA00B81EA0
                                                                                                                  SHA1:7441FC1018508FF4F3DBAA139A21634C08ED979C
                                                                                                                  SHA-256:2343C541E095E1D5F202E8D2A0807113E69E1969AF8E15E3644C51DB0BF33FBF
                                                                                                                  SHA-512:00ADE38E9D2F07C64648202F1D5F18A2DFB2781C0517EAEBCD567D8A77DBB7CB40A58B7C7D4EC03336A63A20D2E11DD64448F020C6FF72F06CA870AA2B4765E0
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "DefaultCohort": {.. "21f3388b-c2a5-4791-8f6e-a4cad6d17f4f.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.BingHomePage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Covid.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Finance.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Jobs.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.KnowledgeCard.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Local.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NTP3PCLICK.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.NotifySearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Recipe.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.SearchPage.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Sports.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Travel.Bubble": 1,.. "2354565a-f412-4654-b89c-f92eaa9dbd20.Weather.Bubble": 1,.. "2cb2db96-3bd0-403e-abe2-9269b3761041.Bubble": 1,.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):28672
                                                                                                                  Entropy (8bit):0.3410017321959524
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                  MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                  SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                  SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                  SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):13140
                                                                                                                  Entropy (8bit):5.287034304903858
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:stNPGQSumsRelfOfhPQbGjpQx6WVaTYAQ:s7OXuqlGfubGWxhaTYAQ
                                                                                                                  MD5:FBBE123E3E19D5E7021FE797D5A690A5
                                                                                                                  SHA1:B81EEB8D784390541C704C98537CDEFEA345FAC1
                                                                                                                  SHA-256:1956BD062A277BE0C8FB6CB2144F264BFE81CF9BC45F05F1167FBC680E159F4E
                                                                                                                  SHA-512:4F3810FC7F3FC574729778223EB7AF060E71B6A64B6B17AFC6BA4CC511E868DB8E29873099A3D59F36BC32A4223BF5F9707B9B9215C16BA6D2C90C5125AC113E
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13370097243992551","alternate_error_pages":{"backup":true},"apps":{"shortcuts_arch":"","shortcuts_version":0},"arbitration_experiences":{},"arbitration_local_nsat_reset_time":"13340900603634208","arbitration_using_experiment_config":false,"autocomplete":{"retention_policy_last_version":117},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false,"history_in_shoreline_activated":true,"hub_app_non_synced_preferences":{"apps":{"06be1ebe-f23a-4bea-ae45-3120ad86cfea":{"last_path":""},"0c835d2d-9592-4c7a-8d0a-0e283c9ad3cd":{"last_path":""},"168a2510-04d5-473e-b6a0-828815a7ca5f":{"last_path":""},"1ec8a5a9-971c-4c82-a104-5e1a259456b8":{"last_path":""},"2354565a-f412-4654-b89c-f92eaa9dbd20":{"last_path":""},"25fe2d1d-e934-482a-a62f-ea1705db905d":{"last_path":""},"2caf0cf4-ea42-4083-b928-29b39da1182b":{"last_path":""},"2cb2db96-3bd0-403e-abe2-9269b3761041":{"last_path":""},"35a43603-bb38-4b53-ba20-932cb9117
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):40504
                                                                                                                  Entropy (8bit):5.5609493331114885
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:eYltrc7pLGLv1rWP+Efgg8F1+UoAYDCx9Tuqh0VfUC9xbog/OVsTvAec+rwMGToU:eYltrAcv1rWP+Efggu1jaVTvFcbMGTBN
                                                                                                                  MD5:4B4EFF63077F635D689C2595CE97FE94
                                                                                                                  SHA1:F50669F7203FD999D6CC3067D6E8D1FFD6E54DB4
                                                                                                                  SHA-256:BE2879BE857D8224C40AB304664AAB4BB1493BAF03410FDD8D2223B73C1C1CF9
                                                                                                                  SHA-512:10EECC0C7004ABAC09F4F5CAF8335470A28C6AD94DC405091EE0853BD8943F957C183A50EBEFBFADA43E0B51B681E8D7746CF3F9676B156F0434BF202C01A7AB
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"edge_fundamentals_appdefaults":{"ess_lightweight_version":101},"ess_kv_states":{"restore_on_startup":{"closed_notification":false,"decrypt_success":true,"key":"restore_on_startup","notification_popup_count":0},"startup_urls":{"closed_notification":false,"decrypt_success":true,"key":"startup_urls","notification_popup_count":0},"template_url_data":{"closed_notification":false,"decrypt_success":true,"key":"template_url_data","notification_popup_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"app_launcher_ordinal":"t","commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13370097243326854","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13370097243326854","location":5,"ma
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):32768
                                                                                                                  Entropy (8bit):0.11577614739786367
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:WtPswtPsepEjVl/PnnnnnnnnnnnnnnnvoQsUQo8AGS:WtPJtPFoPnnnnnnnnnnnnnnnvN3zd
                                                                                                                  MD5:1031F7A0709887B1381F6D816E119E1E
                                                                                                                  SHA1:E4FE3A5D8E63E5ED0F40F9D09D3006AC1B2074B1
                                                                                                                  SHA-256:1380C4FA16505DF85A0575F05F65D9C2E786DB9D6EFE023B42ADDCDCB5D849D3
                                                                                                                  SHA-512:CD71F6DE84B0B180EAE5631B22F5EE19C379DC96A7DF00D7AAF078B73A2AD9358016EBA52D8343130F97601C3B6E87B43DD7B379C5A85565CD8018832353CEF5
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):383192
                                                                                                                  Entropy (8bit):1.0800795687357168
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:384:G2qoeZapDcGwKdo87SjSxcTJez3SJNzWSJgzDSSJLzlSJ3zy:MoeOcGwKdoiSWCTwzCPzRmzDl5zA1zy
                                                                                                                  MD5:97A41C92ADFADD012019897CAC1E89CE
                                                                                                                  SHA1:5C62B19154CE446EB589491C0BF24EC39F3F5D6D
                                                                                                                  SHA-256:9A3296742FDDFE2E0AFCF18E94BC6C82A82533721B1555A85B15B3ADBE634C23
                                                                                                                  SHA-512:F20D21A51C7009917B61297DDBC55550A628BCAA24A8051D7027032343B21C0A735188FF6C1A71D4BD7E9FABEB402C1C4D38961C34A3CD1D22C3A62DAA89F23E
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):723
                                                                                                                  Entropy (8bit):3.2076821485152673
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:Wlc8NOuuuuuuuuuuuuuuuuuuuuuuuGa8FF5:iDm
                                                                                                                  MD5:46D14E590E440D7F68849753A581D4BF
                                                                                                                  SHA1:7725A30B17CC5C6793CA12E96A5664660852A375
                                                                                                                  SHA-256:9F0BFE81B151A341FEF6256FE008E0B4D1A071F830AFDAD263868B3EA7FB100C
                                                                                                                  SHA-512:1D4B472643DD4739C57D6EE3738E92D666EF9EC187AD7AA4FD2DB9F552E25255D904F8574E51EE687BB86F10B15D8EE54E293300A124500744B8B22C56EBAE53
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):324
                                                                                                                  Entropy (8bit):5.194229811137499
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:P+yq2P923oH+TcwtfrK+IFUt82n1Zmw+2xRkwO923oH+TcwtfrUeLJ:P+yv4Yeb23FUt821/+2xR5LYeb3J
                                                                                                                  MD5:1D112EEC3A9212485A1622EBF574F0FF
                                                                                                                  SHA1:766BC4ECE3B1126C6D02E1E6451446B4A6304809
                                                                                                                  SHA-256:681D961292671DF36EF3E83864218B310A5FD4BB82D540462AF85A4BE6F57D5D
                                                                                                                  SHA-512:FC3CBC4AD88AF4DA7ACBBD8EB10066D7D174D05E937CD35F79D28FF9308326FB8F10BBE81835ABDB247228D55A32041640A049CEBBE2FCE69FABFF3113301290
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:04.090 1d54 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/MANIFEST-000001.2024/09/06-07:54:04.091 1d54 Recovering log #3.2024/09/06-07:54:04.091 1d54 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db/000003.log .
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):787
                                                                                                                  Entropy (8bit):4.059252238767438
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:G0nYUtTNop//z3p/Uz0RuWlJhC+lvBavRtin01zvZDEtlkyBrgxvB1ys:G0nYUtypD3RUovhC+lvBOL+t3IvB8s
                                                                                                                  MD5:D8D8899761F621B63AD5ED6DF46D22FE
                                                                                                                  SHA1:23E6A39058AB3C1DEADC0AF2E0FFD0D84BB7F1BE
                                                                                                                  SHA-256:A5E0A78EE981FB767509F26021E1FA3C506F4E86860946CAC1DC4107EB3B3813
                                                                                                                  SHA-512:4F89F556138C0CF24D3D890717EB82067C5269063C84229E93F203A22028782902FA48FB0154F53E06339F2FDBE35A985CE728235EA429D8D157090D25F15A4E
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):342
                                                                                                                  Entropy (8bit):5.194406111038676
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:PZyq2P923oH+TcwtfrzAdIFUt8211Zmw+2jRkwO923oH+TcwtfrzILJ:PZyv4Yeb9FUt82X/+2jR5LYeb2J
                                                                                                                  MD5:3AC4C534277ABD6EBD48BB806F9980CB
                                                                                                                  SHA1:951D4BD8A89F68FE1AF84C1D35F1CF4EA09A4773
                                                                                                                  SHA-256:E12675C2290A66F14E93C3D36DAE2ABB0085610A8D18BE0A2E9DBB7A5FF31BE1
                                                                                                                  SHA-512:7316227FF8B5C778D1872BCB0FD81371D850440878CF49C3F902EC144468962B503DE848E18E89AA96B6603E662A9E2EBF436F83AAF45834C394B6308071487E
                                                                                                                  Malicious:false
                                                                                                                  Preview:2024/09/06-07:54:04.037 1d54 Reusing MANIFEST C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/MANIFEST-000001.2024/09/06-07:54:04.039 1d54 Recovering log #3.2024/09/06-07:54:04.039 1d54 Reusing old log C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata/000003.log .
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):120
                                                                                                                  Entropy (8bit):3.32524464792714
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:tbloIlrJFlXnpQoWcNylRjlgbYnPdJiG6R7lZAUAl:tbdlrYoWcV0n1IGi7kBl
                                                                                                                  MD5:A397E5983D4A1619E36143B4D804B870
                                                                                                                  SHA1:AA135A8CC2469CFD1EF2D7955F027D95BE5DFBD4
                                                                                                                  SHA-256:9C70F766D3B84FC2BB298EFA37CC9191F28BEC336329CC11468CFADBC3B137F4
                                                                                                                  SHA-512:4159EA654152D2810C95648694DD71957C84EA825FCCA87B36F7E3282A72B30EF741805C610C5FA847CA186E34BDE9C289AAA7B6931C5B257F1D11255CD2A816
                                                                                                                  Malicious:false
                                                                                                                   Preview:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):13
                                                                                                                  Entropy (8bit):2.7192945256669794
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:NYLFRQI:ap2I
                                                                                                                  MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                  SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                  SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                  SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                  Malicious:false
                                                                                                                  Preview:117.0.2045.47
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):44137
                                                                                                                  Entropy (8bit):6.090712509106165
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMOwuF9hDO6vP6O+Rtbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEw6Mtbz8hu3VlXr4CRo1
                                                                                                                  MD5:17DD1A5AE82F5B0A07C0D31863B848A9
                                                                                                                  SHA1:2E009D4F1D255A376D16D445CF93D8467656C918
                                                                                                                  SHA-256:5A54E3DF7E740F8E7FE3256B074E098D8E79A44DB2583B4BC060B3F8CBAE4060
                                                                                                                  SHA-512:3D09110441FA267C416CA9788DB53706654FC37B8FF9797D074975463CE6844C2A747BE60BD1750C580B809FE292A0BFBDD19EB9281AF516E33DEE22494696EE
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):20480
                                                                                                                  Entropy (8bit):0.5963118027796015
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:TLyeuAFUxOUDaabZXiDiIF8izX4fhhdWeci2oesJaYi3isTydBVzQd9U9ez/qS9i:TLyXOUOq0afDdWec9sJz+Z7J5fc
                                                                                                                  MD5:48A6A0713B06707BC2FE9A0F381748D3
                                                                                                                  SHA1:043A614CFEF749A49837F19F627B9D6B73F15039
                                                                                                                  SHA-256:2F2006ADEA26E5FF95198883A080C9881D774154D073051FC69053AF912B037B
                                                                                                                  SHA-512:4C04FFAE2B558EB4C05AD9DCA094700D927AFAD1E561D6358F1A77CB09FC481A6424237DFF6AB37D147E029E19D565E876CD85A2E9C0EC1B068002AA13A16DBA
                                                                                                                  Malicious:false
                                                                                                                  Preview:SQLite format 3
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2031089
                                                                                                                  Entropy (8bit):4.001520023041349
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:49152:MgPY2N/MR+DgVFIlq6hhN7X4VrgKk+lClVSa4YsxeUOolPKRayAH09bnwBXQ0a/n:H
                                                                                                                  MD5:ED58082D636AA9D295D155761D11449F
                                                                                                                  SHA1:77CF60CD0FD7E00635EC5D6B0B5D1635E6BCB444
                                                                                                                  SHA-256:006470F6343DAA9F9EF3200AF2C5474309FD8844A3E035F5F17C415C4591739F
                                                                                                                  SHA-512:92B74A34D9F9472F685767C4077219B17C4C47EDA7AEB4507B9D5E5A44CB3B45F2038B556943DD01D542C6623E7DD342BA6BE48E2769650D9E82CD7D70FB451D
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):47
                                                                                                                  Entropy (8bit):4.3818353308528755
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                  MD5:48324111147DECC23AC222A361873FC5
                                                                                                                  SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                  SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                  SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                  Malicious:false
                                                                                                                  Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):35
                                                                                                                  Entropy (8bit):4.014438730983427
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                  MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                  SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                  SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                  SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"forceServiceDetermination":false}
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):50
                                                                                                                  Entropy (8bit):3.9904355005135823
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:0xXF/XctY5GUf+:0RFeUf+
                                                                                                                  MD5:E144AFBFB9EE10479AE2A9437D3FC9CA
                                                                                                                  SHA1:5AAAC173107C688C06944D746394C21535B0514B
                                                                                                                  SHA-256:EB28E8ED7C014F211BD81308853F407DF86AEBB5F80F8E4640C608CD772544C2
                                                                                                                  SHA-512:837D15B3477C95D2D71391D677463A497D8D9FFBD7EB42E412DA262C9B5C82F22CE4338A0BEAA22C81A06ECA2DF7A9A98B7D61ECACE5F087912FD9BA7914AF3F
                                                                                                                  Malicious:false
                                                                                                                  Preview:topTraffic_170540185939602997400506234197983529371
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):575056
                                                                                                                  Entropy (8bit):7.999649474060713
                                                                                                                  Encrypted:true
                                                                                                                  SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                  MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                  SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                  SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                  SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):86
                                                                                                                  Entropy (8bit):4.3751917412896075
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQw:YQ3Kq9X0dMgAEwj2
                                                                                                                  MD5:16B7586B9EBA5296EA04B791FC3D675E
                                                                                                                  SHA1:8890767DD7EB4D1BEAB829324BA8B9599051F0B0
                                                                                                                  SHA-256:474D668707F1CB929FEF1E3798B71B632E50675BD1A9DCEAAB90C9587F72F680
                                                                                                                  SHA-512:58668D0C28B63548A1F13D2C2DFA19BCC14C0B7406833AD8E72DFC07F46D8DF6DED46265D74A042D07FBC88F78A59CB32389EF384EC78A55976DFC2737868771
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":2}
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):45898
                                                                                                                  Entropy (8bit):6.087575060973389
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:mMGQ7FCYXGIgtDAWtJ4n98eBWhDO6vP6OpT8ah/puGPeFD8VQavCAoBGoup1Xl3O:mMGQ5XMBG98y613yavRoBhu3VlXr4j
                                                                                                                  MD5:6502FF542A30F3313C10B2DF3A0F1A7C
                                                                                                                  SHA1:B310D13633AB9BFE64D308672E577B0C7B8703D0
                                                                                                                  SHA-256:2CFB4A76308536C6B91A0024CF6800D5FCC660CCCC8BD439593509F2CE309CB8
                                                                                                                  SHA-512:6F6CD93142A464B41C65C0CEEC5EDE2ABF56AB3FD3AC9F3B96D1A4919DF3C08CD7AAC64AD8904F3FBC64511AE6B689E7A592FE752E188A2F646A6145ECCC0CD0
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"abusive_adblocker_etag":"\"5E25271B8190D943537AD3FDB50874FC133E8B4A00380E2A6A888D63386F728B\"","browser":{"browser_build_version":"117.0.2045.47","browser_version_of_last_seen_whats_new":"117.0.2045.47","last_seen_whats_new_page_version":"117.0.2045.47"},"desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):44137
                                                                                                                  Entropy (8bit):6.090712509106165
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:zDXzgWPsj/qlGJqIY8GB4kkBMOwuF9hDO6vP6O+Rtbzy70FqHoPFkGoup1Xl3jVu:z/Ps+wsI7ynEw6Mtbz8hu3VlXr4CRo1
                                                                                                                  MD5:17DD1A5AE82F5B0A07C0D31863B848A9
                                                                                                                  SHA1:2E009D4F1D255A376D16D445CF93D8467656C918
                                                                                                                  SHA-256:5A54E3DF7E740F8E7FE3256B074E098D8E79A44DB2583B4BC060B3F8CBAE4060
                                                                                                                  SHA-512:3D09110441FA267C416CA9788DB53706654FC37B8FF9797D074975463CE6844C2A747BE60BD1750C580B809FE292A0BFBDD19EB9281AF516E33DEE22494696EE
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"abusive_adblocker_etag":"\"229EC35087C81534A88F41A12F3A505F330A0BE57C43F6CEB29F4718042EFC4F\"","desktop_mode":{"clear_prefs_once_applied":true,"is_on":false,"is_on_by_default_applied":true,"is_search_only_on_by_default_applied":true},"domain_actions_config":"
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2278
                                                                                                                  Entropy (8bit):3.8453689522118943
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:uiTrlKxrgxUxl9Il8uSruz6hwAGs2c4feWN9ZiybE7nQ5xNKfd1rc:mJYWuzKB4feW7EU5xNKo
                                                                                                                  MD5:B4AA53464F8FBE2A1E9ABBA09307EC53
                                                                                                                  SHA1:E330FCB9171BEA6551DF9CD40FE86CC24004C1A8
                                                                                                                  SHA-256:C4023303EF488822324631B3BDD6D3B579E1E2C9103430F733543862D3B4E456
                                                                                                                  SHA-512:41F4FF20259969F64C8DF80921C46BB7B5391B5316BC03D132AE3BC5E5016346FB9B5C4785C349FD728DF045227F949FFAB142BF3EA803521BD13D9E62BB0A5A
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.K.t.e.2.1.s.A.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.M.1.D.g.2.D.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4622
                                                                                                                  Entropy (8bit):3.9978599107620933
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:EYw6EZHKaIF8EKPyT5rZTeWUR5l03hs4LBUWEgcNl84:EME5KaIF8HPYtehWgpNlZ
                                                                                                                  MD5:64111FE6CA4A89099AE178C1D48129B2
                                                                                                                  SHA1:3BC957F61EFBFB2FC3A2938B3330A647049EF906
                                                                                                                  SHA-256:2FF7DF076498357CB14543437AD7BF35FFA418F4BC4C4BB29CAAFCF48F648BF3
                                                                                                                  SHA-512:6A4D3779A1D88B6E9891314D8D4AC647739510D52BEC9AAB4DBF6CB3108C2354A71B84D3E227F8EF5DC310770AC874990135D194FBA5E16EC35A3B36DB422392
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".z.3.U.T.q.T.b.3.7./.u.z.h.i.f.l.b.4.0.f.z.h.D.r.E.s.w.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".p.h.c.r.w.V.M.A.2.w.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.w.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.M.1.D.g.2.D.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):11185
                                                                                                                  Entropy (8bit):7.951995436832936
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                  MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                  SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                  SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                  SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:very short file (no magic)
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1
                                                                                                                  Entropy (8bit):0.0
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:L:L
                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                  Malicious:false
                                                                                                                  Preview:.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 693860
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):523959
                                                                                                                  Entropy (8bit):7.9982710847367855
                                                                                                                  Encrypted:true
                                                                                                                  SSDEEP:12288:Ufz/HGRLTpYZBWqYw902J0jz/H9mf+x4AsLXZ+E70G8OlmP6:UrGhTABEw9LmjzPO+x4AsLXZbx8OJ
                                                                                                                  MD5:1E749A4D79BE1C900E563B48CDD32DD0
                                                                                                                  SHA1:BBFC3BF76B387E7CC00DF6388E1F932A0538130B
                                                                                                                  SHA-256:A08D8DAEFB3564618E9F8AEAF55E3E34DD8E61101FAE281155A2B942549C8A28
                                                                                                                  SHA-512:CCBE97D867DD78027D34D9A3AA53CB6EE277E6409511115442546B5DB6C80564F955968E2EF9B2C11FEE768B4D28642CC54511BB091EFAE5FB9F498C140BD7F4
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1366x720, components 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):206855
                                                                                                                  Entropy (8bit):7.983996634657522
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3072:5WcDW3D2an0GMJGqJCj+1ZxdmdopHjHTFYPQyairiVoo4XSWrPoiXvJddppWmEI5:l81Lel7E6lEMVo/S01fDpWmEgD
                                                                                                                  MD5:788DF0376CE061534448AA17288FEA95
                                                                                                                  SHA1:C3B9285574587B3D1950EE4A8D64145E93842AEB
                                                                                                                  SHA-256:B7FB1D3C27E04785757E013EC1AC4B1551D862ACD86F6888217AB82E642882A5
                                                                                                                  SHA-512:3AA9C1AA00060753422650BBFE58EEEA308DA018605A6C5287788C3E2909BE876367F83B541E1D05FE33F284741250706339010571D2E2D153A5C5A107D35001
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):135751
                                                                                                                  Entropy (8bit):7.804610863392373
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                                                                  MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                                                                  SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                                                                  SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                                                                  SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:very short file (no magic)
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1
                                                                                                                  Entropy (8bit):0.0
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:L:L
                                                                                                                  MD5:5058F1AF8388633F609CADB75A75DC9D
                                                                                                                  SHA1:3A52CE780950D4D969792A2559CD519D7EE8C727
                                                                                                                  SHA-256:CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
                                                                                                                  SHA-512:0B61241D7C17BCBB1BAEE7094D14B7C451EFECC7FFCBD92598A0F13D313CC9EBC2A07E61F007BAF58FBF94FF9A8695BDD5CAE7CE03BBF1E94E93613A00F25F21
                                                                                                                  Malicious:false
                                                                                                                  Preview:.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2110
                                                                                                                  Entropy (8bit):5.404102389457614
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:Yzj57SnaJ57H57Uv5W1Sj5W175zuR5z+5zn071eDJk5c1903bj5jJp0gcU854RrG:8e2Fa116uCntc5toYVpyMM
                                                                                                                  MD5:35312DE1F5DD161117D6C5A9CE4EC9C6
                                                                                                                  SHA1:22087015F559F8AF907B4455A1F97AD8F8A6022C
                                                                                                                  SHA-256:FEB8C2170024FA6BA7860C62E05954D4D41F9B128BC5B9E3599C346FB1AE880E
                                                                                                                  SHA-512:5C28FEC0FD59F7F4E30635E87DA43B5441FEE9EE365F13A248241DA64451BD372AB7B5C53A035659BCEC068631B8C4C7EFEBB8B312090A6A0C2CE2B78B0E788D
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"logTime": "1004/133448", "correlationVector":"vYS73lRT+EoO2Owh9jsc+Y","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"n/KhuHPhHmYXokB31+JZz7","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"fclQx26bUZO07waFEDe6Fn","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133448", "correlationVector":"0757l0tkKt37vNrdCKAm8w","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"uTRRkmbbqkgK/wPBCS4fct","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/133449", "correlationVector":"2DrXipL1ngF91RN7IemK0e","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"d0GyjEgnW85fvDIojHVIXI","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"PvfzGWRutB/kmuXUK+c8XA","action":"EXTENSION_UPDATER", "result":""}.{"logTime": "1004/134324", "correlationVector":"29CB75FBC4C942E0817A1F7A0E2CF647
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 41900
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):76321
                                                                                                                  Entropy (8bit):7.996057445951542
                                                                                                                  Encrypted:true
                                                                                                                  SSDEEP:1536:hS5Vvm808scZeEzFrSpzBUl4MZIGM/iys3BBrYunau6wpGzxue:GdS8scZNzFrMa4M+lK5/nXexue
                                                                                                                  MD5:D7A1AC56ED4F4D17DD0524C88892C56D
                                                                                                                  SHA1:4153CA1A9A4FD0F781ECD5BA9D2A1E68C760ECD4
                                                                                                                  SHA-256:0A29576C4002D863B0C5AE7A0B36C0BBEB0FB9AFD16B008451D4142C07E1FF2B
                                                                                                                  SHA-512:31503F2F6831070E887EA104296E17EE755BB6BBFB1EF2A15371534BFA2D3F0CD53862389625CF498754B071885A53E1A7F82A3546275DB1F4588E0E80BF7BEE
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):32768
                                                                                                                  Entropy (8bit):0.4593089050301797
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
                                                                                                                  MD5:D910AD167F0217587501FDCDB33CC544
                                                                                                                  SHA1:2F57441CEFDC781011B53C1C5D29AC54835AFC1D
                                                                                                                  SHA-256:E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
                                                                                                                  SHA-512:F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
                                                                                                                  Malicious:false
                                                                                                                  Preview:... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):11185
                                                                                                                  Entropy (8bit):7.951995436832936
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:YEKh1jNlwQbamjq6Bcykrs3kAVg55GzVQM5F+XwsxNv7/lsoltBq0WG4ZeJTmrRb:fKT/BAzA05Gn5F+XV7NNltrWG4kJTm1b
                                                                                                                  MD5:78E47DDA17341BED7BE45DCCFD89AC87
                                                                                                                  SHA1:1AFDE30E46997452D11E4A2ADBBF35CCE7A1404F
                                                                                                                  SHA-256:67D161098BE68CD24FEBC0C7B48F515F199DDA72F20AE3BBB97FCF2542BB0550
                                                                                                                  SHA-512:9574A66D3756540479DC955C4057144283E09CAE11CE11EBCE801053BB48E536E67DC823B91895A9E3EE8D3CB27C065D5E9030C39A26CBF3F201348385B418A5
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1753
                                                                                                                  Entropy (8bit):5.8889033066924155
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:Pxpr7Xka2NXDpfsBJODI19Kg1JqcJW9O//JE3ZBDcpu/x:L3XgNSz9/4kIO3u3Xgpq
                                                                                                                  MD5:738E757B92939B24CDBBD0EFC2601315
                                                                                                                  SHA1:77058CBAFA625AAFBEA867052136C11AD3332143
                                                                                                                  SHA-256:D23B2BA94BA22BBB681E6362AE5870ACD8A3280FA9E7241B86A9E12982968947
                                                                                                                  SHA-512:DCA3E12DD5A9F1802DB6D11B009FCE2B787E79B9F730094367C9F26D1D87AF1EA072FF5B10888648FB1231DD83475CF45594BB0C9915B655EE363A3127A5FFC2
                                                                                                                  Malicious:false
                                                                                                                  Preview:[.. {.. "description": "treehash per file",.. "signed_content": {.. "payload": "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",.. "signatures": [.. {.. "header": {.. "kid": "publisher".. },.. "protected": "eyJhbGciOiJSUzI1NiJ9",.. "signature": "UglEEilkOml5P1W0X6wc-_dB87PQB73uMir11923av57zPKujb4IUe_lbGpn7cRZsy6x-8i9eEKxAW7L2TSmYqrcp4XtiON6ppcf27FWACXOUJDax9wlMr-EOtyZhykCnB9vR
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (8031), with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):9815
                                                                                                                  Entropy (8bit):6.1716321262973315
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3zEScQZBMX:+ThBVq3npozftROQIyVfjRZGB365Ey97
                                                                                                                  MD5:3D20584F7F6C8EAC79E17CCA4207FB79
                                                                                                                  SHA1:3C16DCC27AE52431C8CDD92FBAAB0341524D3092
                                                                                                                  SHA-256:0D40A5153CB66B5BDE64906CA3AE750494098F68AD0B4D091256939EEA243643
                                                                                                                  SHA-512:315D1B4CC2E70C72D7EB7D51E0F304F6E64AC13AE301FD2E46D585243A6C936B2AD35A0964745D291AE9B317C316A29760B9B9782C88CC6A68599DB531F87D59
                                                                                                                  Malicious:false
                                                                                                                  Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:Unicode text, UTF-8 text, with very long lines (8604), with no line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):10388
                                                                                                                  Entropy (8bit):6.174387413738973
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:+ThBV4L3npstQp6VRtROQGZ0UyVg4jq4HWeGBnUi65Ep4HdlyKyjFN3EbmE1F4fn:+ThBVq3npozftROQIyVfjRZGB365Ey9+
                                                                                                                  MD5:3DE1E7D989C232FC1B58F4E32DE15D64
                                                                                                                  SHA1:42B152EA7E7F31A964914F344543B8BF14B5F558
                                                                                                                  SHA-256:D4AA4602A1590A4B8A1BCE8B8D670264C9FB532ADC97A72BC10C43343650385A
                                                                                                                  SHA-512:177E5BDF3A1149B0229B6297BAF7B122602F7BD753F96AA41CCF2D15B2BCF6AF368A39BB20336CCCE121645EC097F6BEDB94666C74ACB6174EB728FBFC43BC2A
                                                                                                                  Malicious:false
                                                                                                                  Preview:(()=>{"use strict";var e={1:(e,o)=>{Object.defineProperty(o,"__esModule",{value:!0}),o.newCwsPromotionalButtonCta=o.chromeToEdgeCwsButtonCtaMapping=void 0,o.chromeToEdgeCwsButtonCtaMapping={"...... ... Chrome":"...... ....","........ .. Chrome":".....",........:"..........",".......... .. Chrome":"..........","Chrome . .....":"...","Chrome .... ....":"....","Afegeix a Chrome":"Obt.n","Suprimeix de Chrome":"Suprimeix","P.idat do Chromu":"Z.skat","Odstranit z Chromu":"Odebrat","F.j til Chrome":"F.","Fjern fra Chrome":"Fjerne",Hinzuf.gen:"Abrufen","Aus Chrome entfernen":"Entfernen","Add to Chrome":"Get","Remove from Chrome":"Remove","A.adir a Chrome":"Obtener",Desinstalar:"Quitar","Agregar a Chrome":"Obtener","Eliminar de Chrome":"Quitar","Lisa Chrome'i":"Hangi","Chrome'ist eemaldamine":"Eemalda",.......H:"........","......... ... .. Chr
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):962
                                                                                                                  Entropy (8bit):5.698567446030411
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1Hg9+D3DRnbuF2+sUrzUu+Y9VwE+Fg41T1O:NBqY+6E+F7JO
                                                                                                                  MD5:E805E9E69FD6ECDCA65136957B1FB3BE
                                                                                                                  SHA1:2356F60884130C86A45D4B232A26062C7830E622
                                                                                                                  SHA-256:5694C91F7D165C6F25DAF0825C18B373B0A81EA122C89DA60438CD487455FD6A
                                                                                                                  SHA-512:049662EF470D2B9E030A06006894041AE6F787449E4AB1FBF4959ADCB88C6BB87A957490212697815BB3627763C01B7B243CF4E3C4620173A95795884D998A75
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "content_scripts": [ {.. "js": [ "content.js" ],.. "matches": [ "https://chrome.google.com/webstore/*" ].. }, {.. "js": [ "content_new.js" ],.. "matches": [ "https://chromewebstore.google.com/*" ].. } ],.. "description": "Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.",.. "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu06p2Mjoy6yJDUUjCe8Hnqvtmjll73XqcbylxFZZWe+MCEAEK+1D0Nxrp0+IuWJL02CU3jbuR5KrJYoezA36M1oSGY5lIF/9NhXWEx5GrosxcBjxqEsdWv/eDoOOEbIvIO0ziMv7T1SUnmAA07wwq8DXWYuwlkZU/PA0Mxx0aNZ5+QyMfYqRmMpwxkwPG8gyU7kmacxgCY1v7PmmZo1vSIEOBYrxl064w5Q6s/dpalSJM9qeRnvRMLsszGY/J2bjQ1F0O2JfIlBjCOUg/89+U8ZJ1mObOFrKO4um8QnenXtH0WGmsvb5qBNrvbWNPuFgr2+w5JYlpSQ+O8zUCb8QZwIDAQAB",.. "manifest_version": 3,.. "name": "Edge relevant text changes",.. "update_url": "https://edge.microsoft.com/extensionwebstorebase/v1/crx",.. "version": "1.2.1"..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:Google Chrome extension, version 3
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):135751
                                                                                                                  Entropy (8bit):7.804610863392373
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:h+OX7O5AeBWdSq2Zso2iDNjF3dNUPOTy61NVo8OJXhQXXUWFMOiiBIHWI7YyjM/8:pVdSj9hjVn6Oj5fOJR+k0iiW2IPMaIul
                                                                                                                  MD5:83EF25FBEE6866A64F09323BFE1536E0
                                                                                                                  SHA1:24E8BD033CD15E3CF4F4FF4C8123E1868544AC65
                                                                                                                  SHA-256:F421D74829F2923FD9E5A06153E4E42DB011824C33475E564B17091598996E6F
                                                                                                                  SHA-512:C699D1C9649977731EEA0CB4740C4BEAACEEC82AECC43F9F2B1E5625C487C0BC45FA08A1152A35EFBDB3DB73B8AF3625206315D1F9645A24E1969316F9F5B38C
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4982
                                                                                                                  Entropy (8bit):7.929761711048726
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:L7Rf7U1ylWb3KfyEfOXE+PIcvBirQFiAql1ZwKREkXCSAk:pTvWqfD+gl0sAql1u7kySAk
                                                                                                                  MD5:913064ADAAA4C4FA2A9D011B66B33183
                                                                                                                  SHA1:99EA751AC2597A080706C690612AEEEE43161FC1
                                                                                                                  SHA-256:AFB4CE8882EF7AE80976EBA7D87F6E07FCDDC8E9E84747E8D747D1E996DEA8EB
                                                                                                                  SHA-512:162BF69B1AD5122C6154C111816E4B87A8222E6994A72743ED5382D571D293E1467A2ED2FC6CC27789B644943CF617A56DA530B6A6142680C5B2497579A632B5
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):908
                                                                                                                  Entropy (8bit):4.512512697156616
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:1HASvgMTCBxNB+kCIww3v+BBJ/wjsV8lCBxeBeRiGTCSU8biHULaBg/4srCBhUJJ:1HAkkJ+kCIwEg/wwbw0PXa22QLWmSDg
                                                                                                                  MD5:12403EBCCE3AE8287A9E823C0256D205
                                                                                                                  SHA1:C82D43C501FAE24BFE05DB8B8F95ED1C9AC54037
                                                                                                                  SHA-256:B40BDE5B612CFFF936370B32FB0C58CC205FC89937729504C6C0B527B60E2CBA
                                                                                                                  SHA-512:153401ECDB13086D2F65F9B9F20ACB3CEFE5E2AEFF1C31BA021BE35BF08AB0634812C33D1D34DA270E5693A8048FC5E2085E30974F6A703F75EA1622A0CA0FFD
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "SKEP NUWE".. },.. "explanationofflinedisabled": {.. "message": "Jy is vanlyn. As jy Google Dokumente sonder 'n internetverbinding wil gebruik, moet jy die volgende keer as jy aan die internet gekoppel is na instellings op die Google Dokumente-tuisblad gaan en vanlynsinkronisering aanskakel.".. },.. "explanationofflineenabled": {.. "message": "Jy is vanlyn, maar jy kan nog steeds beskikbare l.ers redigeer of nuwes skep.".. },.. "extdesc": {.. "message": "Skep, wysig en bekyk jou dokumente, sigblaaie en aanbiedings . alles sonder toegang tot die internet.".. },.. "extname": {.. "message": "Google Vanlyn Dokumente".. },.. "learnmore": {.. "message": "Kom meer te wete".. },.. "popuphelptext": {.. "message": "Skryf, redigeer en werk saam, waar jy ook al is, met of sonder 'n internetverbinding.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1285
                                                                                                                  Entropy (8bit):4.702209356847184
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1244
                                                                                                                  Entropy (8bit):4.5533961615623735
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):977
                                                                                                                  Entropy (8bit):4.867640976960053
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "YEN.S.N. YARADIN".. },.. "explanationofflinedisabled": {.. "message": "Oflayns.n.z. Google S.n.di internet ba.lant.s. olmadan istifad. etm.k ist.yirsinizs., Google S.n.din .sas s.hif.sind. ayarlara gedin v. n.vb.ti d.f. internet. qo.ulanda oflayn sinxronizasiyan. aktiv edin.".. },.. "explanationofflineenabled": {.. "message": "Oflayns.n.z, amma m.vcud fayllar. redakt. ed. v. yenil.rini yarada bil.rsiniz.".. },.. "extdesc": {.. "message": "S.n.d, c.dv.l v. t.qdimatlar.n ham.s.n. internet olmadan redakt. edin, yarad.n v. bax.n.".. },.. "extname": {.. "message": "Google S.n.d Oflayn".. },.. "learnmore": {.. "message": ".trafl. M.lumat".. },.. "popuphelptext": {.. "message": "Harda olma..n.zdan v. internet. qo.ulu olub-olmad...n.zdan as.l. olmayaraq, yaz.n, redakt. edin v. .m.kda.l.q edin.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):3107
                                                                                                                  Entropy (8bit):3.535189746470889
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1389
                                                                                                                  Entropy (8bit):4.561317517930672
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1763
                                                                                                                  Entropy (8bit):4.25392954144533
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):930
                                                                                                                  Entropy (8bit):4.569672473374877
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "CREA'N UN DE NOU".. },.. "explanationofflinedisabled": {.. "message": "No tens connexi.. Per utilitzar Documents de Google sense connexi. a Internet, ves a la configuraci. de la p.gina d'inici d'aquest servei i activa l'opci. per sincronitzar-se sense connexi. la propera vegada que estiguis connectat a la xarxa.".. },.. "explanationofflineenabled": {.. "message": "Tot i que no tens connexi., pots editar o crear fitxers.".. },.. "extdesc": {.. "message": "Edita, crea i consulta documents, fulls de c.lcul i presentacions, tot sense acc.s a Internet.".. },.. "extname": {.. "message": "Documents de Google sense connexi.".. },.. "learnmore": {.. "message": "M.s informaci.".. },.. "popuphelptext": {.. "message": "Escriu text, edita fitxers i col.labora-hi siguis on siguis, amb o sense connexi. a Internet.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):913
                                                                                                                  Entropy (8bit):4.947221919047
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "VYTVO.IT".. },.. "explanationofflinedisabled": {.. "message": "Jste offline. Pokud chcete Dokumenty Google pou..vat bez p.ipojen. k.internetu, a. budete p...t. online, p.ejd.te do nastaven. na domovsk. str.nce Dokument. Google a.zapn.te offline synchronizaci.".. },.. "explanationofflineenabled": {.. "message": "Jste offline, ale st.le m..ete upravovat dostupn. soubory nebo vytv..et nov..".. },.. "extdesc": {.. "message": "Upravujte, vytv..ejte a.zobrazujte sv. dokumenty, tabulky a.prezentace . v.e bez p..stupu k.internetu.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Dal.. informace".. },.. "popuphelptext": {.. "message": "Pi.te, upravujte a.spolupracujte kdekoli, s.p.ipojen.m k.internetu i.bez n.j.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):806
                                                                                                                  Entropy (8bit):4.815663786215102
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"createnew":{"message":"CREU NEWYDD"},"explanationofflinedisabled":{"message":"Rydych chi all-lein. I ddefnyddio Dogfennau Google heb gysylltiad \u00e2'r rhyngrwyd, ewch i'r gosodiadau ar dudalen hafan Dogfennau Google a throi 'offine sync' ymlaen y tro nesaf y byddwch wedi'ch cysylltu \u00e2'r rhyngrwyd."},"explanationofflineenabled":{"message":"Rydych chi all-lein, ond gallwch barhau i olygu'r ffeiliau sydd ar gael neu greu rhai newydd."},"extdesc":{"message":"Gallwch olygu, creu a gweld eich dogfennau, taenlenni a chyflwyniadau \u2013 i gyd heb fynediad i'r rhyngrwyd."},"extname":{"message":"Dogfennau Google All-lein"},"learnmore":{"message":"DYSGU MWY"},"popuphelptext":{"message":"Ysgrifennwch, golygwch a chydweithiwch lle bynnag yr ydych, gyda chysylltiad \u00e2'r rhyngrwyd neu hebddo."}}.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):883
                                                                                                                  Entropy (8bit):4.5096240460083905
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "OPRET NYT".. },.. "explanationofflinedisabled": {.. "message": "Du er offline. Hvis du vil bruge Google Docs uden en internetforbindelse, kan du g. til indstillinger p. startsiden for Google Docs og aktivere offlinesynkronisering, n.ste gang du har internetforbindelse.".. },.. "explanationofflineenabled": {.. "message": "Du er offline, men du kan stadig redigere tilg.ngelige filer eller oprette nye.".. },.. "extdesc": {.. "message": "Rediger, opret og se dine dokumenter, regneark og pr.sentationer helt uden internetadgang.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "F. flere oplysninger".. },.. "popuphelptext": {.. "message": "Skriv, rediger og samarbejd, uanset hvor du er, og uanset om du har internetforbindelse.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1031
                                                                                                                  Entropy (8bit):4.621865814402898
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "NEU ERSTELLEN".. },.. "explanationofflinedisabled": {.. "message": "Sie sind offline. Um Google Docs ohne Internetverbindung zu verwenden, gehen Sie auf der Google Docs-Startseite auf \"Einstellungen\" und schalten die Offlinesynchronisierung ein, wenn Sie das n.chste Mal mit dem Internet verbunden sind.".. },.. "explanationofflineenabled": {.. "message": "Sie sind offline, aber k.nnen weiterhin verf.gbare Dateien bearbeiten oder neue Dateien erstellen.".. },.. "extdesc": {.. "message": "Mit der Erweiterung k.nnen Sie Dokumente, Tabellen und Pr.sentationen bearbeiten, erstellen und aufrufen.. ganz ohne Internetverbindung.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Weitere Informationen".. },.. "popuphelptext": {.. "message": "Mit oder ohne Internetverbindung: Sie k.nnen von .berall Dokumente erstellen, .ndern und zusammen mit anderen
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1613
                                                                                                                  Entropy (8bit):4.618182455684241
                                                                                                                  Encrypted:false
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": ".......... ....".. },.. "explanationofflinedisabled": {.. "message": "..... ..... ......... ... .. ............... .. ....... Google ..... ....... ... ........., ......... .... ......... .... ...... ...... ... ........ Google ... ............. ... ........... ..... ........ ... ....... .... ... .. ..... ............ ... ..........".. },.. "explanationofflineenabled": {.. "message": "..... ..... ........ .... ........ .. .............. .. ......... ...... . .. ............. ... .......".. },.. "extdesc": {.. "message": ".............., ............ ... ..... .. ......., .
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):851
                                                                                                                  Entropy (8bit):4.4858053753176526
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3Pj1NzXW6iFryCBxesJGceKCSUuvNn3AwCBhUufz1tHaXRdAv:1HA3dj/BNzXviFrpj4sNQXJezAa6
                                                                                                                  MD5:07FFBE5F24CA348723FF8C6C488ABFB8
                                                                                                                  SHA1:6DC2851E39B2EE38F88CF5C35A90171DBEA5B690
                                                                                                                  SHA-256:6895648577286002F1DC9C3366F558484EB7020D52BBF64A296406E61D09599C
                                                                                                                  SHA-512:7ED2C8DB851A84F614D5DAF1D5FE633BD70301FD7FF8A6723430F05F642CEB3B1AD0A40DE65B224661C782FFCEC69D996EBE3E5BB6B2F478181E9A07D8CD41F6
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn More".. },.. "popuphelptext": {.. "message": "Write, edit, and collaborate wherever you are, with or without an internet connection.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):848
                                                                                                                  Entropy (8bit):4.494568170878587
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:1HASvgg4eCBxNdN3vRyc1NzXW6iFrSCBxesJGceKCSUuvlvOgwCBhUufz1tnaXrQ:1HA3djfR3NzXviFrJj4sJXJ+bA6RM
                                                                                                                  MD5:3734D498FB377CF5E4E2508B8131C0FA
                                                                                                                  SHA1:AA23E39BFE526B5E3379DE04E00EACBA89C55ADE
                                                                                                                  SHA-256:AB5CDA04013DCE0195E80AF714FBF3A67675283768FFD062CF3CF16EDB49F5D4
                                                                                                                  SHA-512:56D9C792954214B0DE56558983F7EB7805AC330AF00E944E734340BE41C68E5DD03EDDB17A63BC2AB99BDD9BE1F2E2DA5BE8BA7C43D938A67151082A9041C7BA
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "CREATE NEW".. },.. "explanationofflinedisabled": {.. "message": "You're offline. To use Google Docs without an Internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the Internet.".. },.. "explanationofflineenabled": {.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extdesc": {.. "message": "Edit, create and view your documents, spreadsheets and presentations . all without Internet access.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Learn more".. },.. "popuphelptext": {.. "message": "Write, edit and collaborate wherever you are, with or without an Internet connection.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1425
                                                                                                                  Entropy (8bit):4.461560329690825
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HA6Krbbds5Kna/BNzXviFrpsCxKU4irpNQ0+qWK5yOJAaCB7MAa6:BKrbBs5Kna/BNzXvi3sCxKZirA0jWK5m
                                                                                                                  MD5:578215FBB8C12CB7E6CD73FBD16EC994
                                                                                                                  SHA1:9471D71FA6D82CE1863B74E24237AD4FD9477187
                                                                                                                  SHA-256:102B586B197EA7D6EDFEB874B97F95B05D229EA6A92780EA8544C4FF1E6BC5B1
                                                                                                                  SHA-512:E698B1A6A6ED6963182F7D25AC12C6DE06C45D14499DDC91E81BDB35474E7EC9071CFEBD869B7D129CB2CD127BC1442C75E408E21EB8E5E6906A607A3982B212
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createNew": {.. "description": "Text shown in the extension pop up for creating a new document",.. "message": "CREATE NEW".. },.. "explanationOfflineDisabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is disabled.",.. "message": "You're offline. To use Google Docs without an internet connection, go to settings on the Google Docs homepage and turn on offline sync the next time you're connected to the internet.".. },.. "explanationOfflineEnabled": {.. "description": "Text shown in the extension popup when the user is offline and offline is enabled.",.. "message": "You're offline, but you can still edit available files or create new ones.".. },.. "extDesc": {.. "description": "Extension description",.. "message": "Edit, create, and view your documents, spreadsheets, and presentations . all without internet access.".. },.. "extName": {.. "description": "Extension name",..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):961
                                                                                                                  Entropy (8bit):4.537633413451255
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:1HASvggeCBxNFxcw2CVcfamedatqWCCBxeFxCF/m+rWAaFQbCSUuExqIQdO06stp:1HAqn0gcfa9dc/5mCpmIWck02USfWmk
                                                                                                                  MD5:F61916A206AC0E971CDCB63B29E580E3
                                                                                                                  SHA1:994B8C985DC1E161655D6E553146FB84D0030619
                                                                                                                  SHA-256:2008F4FAAB71AB8C76A5D8811AD40102C380B6B929CE0BCE9C378A7CADFC05EB
                                                                                                                  SHA-512:D9C63B2F99015355ACA04D74A27FD6B81170750C4B4BE7293390DC81EF4CD920EE9184B05C61DC8979B6C2783528949A4AE7180DBF460A2620DBB0D3FD7A05CF
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a Configuraci.n en la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que te conectes a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n. Aun as., puedes crear archivos o editar los que est.n disponibles.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones; todo ello, sin acceso a Internet.".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe o edita contenido y colabora con otras personas desde cualquier lugar, con o sin conexi.n a Internet.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):959
                                                                                                                  Entropy (8bit):4.570019855018913
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HARn05cfa9dcDmQOTtSprj0zaGUSjSGZ:+n0CfMcDmQOTQprj4qpC
                                                                                                                  MD5:535331F8FB98894877811B14994FEA9D
                                                                                                                  SHA1:42475E6AFB6A8AE41E2FC2B9949189EF9BBE09FB
                                                                                                                  SHA-256:90A560FF82605DB7EDA26C90331650FF9E42C0B596CEDB79B23598DEC1B4988F
                                                                                                                  SHA-512:2CE9C69E901AB5F766E6CFC1E592E1AF5A07AA78D154CCBB7898519A12E6B42A21C5052A86783ABE3E7A05043D4BD41B28960FEDDB30169FF7F7FE7208C8CFE9
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR NUEVO".. },.. "explanationofflinedisabled": {.. "message": "No tienes conexi.n. Para usar Documentos de Google sin conexi.n a Internet, ve a la configuraci.n de la p.gina principal de Documentos de Google y activa la sincronizaci.n sin conexi.n la pr.xima vez que est.s conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "No tienes conexi.n, pero a.n puedes modificar los archivos disponibles o crear otros nuevos.".. },.. "extdesc": {.. "message": "Edita, crea y consulta tus documentos, hojas de c.lculo y presentaciones aunque no tengas acceso a Internet".. },.. "extname": {.. "message": "Documentos de Google sin conexi.n".. },.. "learnmore": {.. "message": "M.s informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, modifica y colabora dondequiera que est.s, con conexi.n a Internet o sin ella.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):968
                                                                                                                  Entropy (8bit):4.633956349931516
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HA5WG6t306+9sihHvMfdJLjUk4NJPNczGr:mWGY0cOUdJODPmzs
                                                                                                                  MD5:64204786E7A7C1ED9C241F1C59B81007
                                                                                                                  SHA1:586528E87CD670249A44FB9C54B1796E40CDB794
                                                                                                                  SHA-256:CC31B877238DA6C1D51D9A6155FDE565727A1956572F466C387B7E41C4923A29
                                                                                                                  SHA-512:44FCF93F3FB10A3DB68D74F9453995995AB2D16863EC89779DB451A4D90F19743B8F51095EEC3ECEF5BD0C5C60D1BF3DFB0D64DF288DCCFBE70C129AE350B2C6
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "LOO UUS".. },.. "explanationofflinedisabled": {.. "message": "Teil ei ole v.rgu.hendust. Teenuse Google.i dokumendid kasutamiseks ilma Interneti-.henduseta avage j.rgmine kord, kui olete Internetiga .hendatud, teenuse Google.i dokumendid avalehel seaded ja l.litage sisse v.rgu.henduseta s.nkroonimine.".. },.. "explanationofflineenabled": {.. "message": "Teil ei ole v.rgu.hendust, kuid saate endiselt saadaolevaid faile muuta v.i uusi luua.".. },.. "extdesc": {.. "message": "Saate luua, muuta ja vaadata oma dokumente, arvustustabeleid ning esitlusi ilma Interneti-.henduseta.".. },.. "extname": {.. "message": "V.rgu.henduseta Google.i dokumendid".. },.. "learnmore": {.. "message": "Lisateave".. },.. "popuphelptext": {.. "message": "Kirjutage, muutke ja tehke koost..d .ksk.ik kus olenemata sellest, kas teil on Interneti-.hendus.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):838
                                                                                                                  Entropy (8bit):4.4975520913636595
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:YnmjggqTWngosqYQqE1kjO39m7OddC0vjWQMmWgqwgQ8KLcxOb:Ynmsgqyngosq9qxTOs0vjWQMbgqchb
                                                                                                                  MD5:29A1DA4ACB4C9D04F080BB101E204E93
                                                                                                                  SHA1:2D0E4587DDD4BAC1C90E79A88AF3BD2C140B53B1
                                                                                                                  SHA-256:A41670D52423BA69C7A65E7E153E7B9994E8DD0370C584BDA0714BD61C49C578
                                                                                                                  SHA-512:B7B7A5A0AA8F6724B0FA15D65F25286D9C66873F03080CBABA037BDEEA6AADC678AC4F083BC52C2DB01BEB1B41A755ED67BBDDB9C0FE4E35A004537A3F7FC458
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"createnew":{"message":"SORTU"},"explanationofflinedisabled":{"message":"Ez zaude konektatuta Internetera. Google Dokumentuak konexiorik gabe erabiltzeko, joan Google Dokumentuak zerbitzuaren orri nagusiko ezarpenetara eta aktibatu konexiorik gabeko sinkronizazioa Internetera konektatzen zaren hurrengoan."},"explanationofflineenabled":{"message":"Ez zaude konektatuta Internetera, baina erabilgarri dauden fitxategiak edita ditzakezu, baita beste batzuk sortu ere."},"extdesc":{"message":"Editatu, sortu eta ikusi dokumentuak, kalkulu-orriak eta aurkezpenak Interneteko konexiorik gabe."},"extname":{"message":"Google Dokumentuak konexiorik gabe"},"learnmore":{"message":"Lortu informazio gehiago"},"popuphelptext":{"message":"Edonon zaudela ere, ez duzu zertan konektatuta egon idatzi, editatu eta lankidetzan jardun ahal izateko."}}.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1305
                                                                                                                  Entropy (8bit):4.673517697192589
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAX9yM7oiI99Rwx4xyQakJbfAEJhmq/RlBu92P7FbNcgYVJ0:JM7ovex4xyQaKjAEyq/p7taX0
                                                                                                                  MD5:097F3BA8DE41A0AAF436C783DCFE7EF3
                                                                                                                  SHA1:986B8CABD794E08C7AD41F0F35C93E4824AC84DF
                                                                                                                  SHA-256:7C4C09D19AC4DA30CC0F7F521825F44C4DFBC19482A127FBFB2B74B3468F48F1
                                                                                                                  SHA-512:8114EA7422E3B20AE3F08A3A64A6FFE1517A7579A3243919B8F789EB52C68D6F5A591F7B4D16CEE4BD337FF4DAF4057D81695732E5F7D9E761D04F859359FADB
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "..... ... ....".. },.. "explanationofflinedisabled": {.. "message": "...... ...... .... ....... .. ....... Google .... ..... ........ .... ... .. .. ....... ... ..... .. ....... .. .... .... ....... Google ..... . .......... ...... .. .... .....".. },.. "explanationofflineenabled": {.. "message": "...... ..... ... ...... ......... ......... .. .. .. ..... ..... ...... .... .. ........ ..... ..... .....".. },.. "extdesc": {.. "message": "...... ............ . ........ .. ....... ..... . ...... .... . ... ... ..... .... ...... .. ........".. },.. "extname": {.. "message": "....... Google .
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):911
                                                                                                                  Entropy (8bit):4.6294343834070935
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:1HASvguCBxNMME2BESA7gPQk36xCBxeMMcXYBt+CSU1pfazCBhUunV1tLaX5GI2N:1HAVioESAsPf36O3Xst/p3J8JeEY
                                                                                                                  MD5:B38CBD6C2C5BFAA6EE252D573A0B12A1
                                                                                                                  SHA1:2E490D5A4942D2455C3E751F96BD9960F93C4B60
                                                                                                                  SHA-256:2D752A5DBE80E34EA9A18C958B4C754F3BC10D63279484E4DF5880B8FD1894D2
                                                                                                                  SHA-512:6E65207F4D8212736059CC802C6A7104E71A9CC0935E07BD13D17EC46EA26D10BC87AD923CD84D78781E4F93231A11CB9ED8D3558877B6B0D52C07CB005F1C0C
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "LUO UUSI".. },.. "explanationofflinedisabled": {.. "message": "Olet offline-tilassa. Jos haluat k.ytt.. Google Docsia ilman internetyhteytt., siirry Google Docsin etusivulle ja ota asetuksissa k.ytt..n offline-synkronointi, kun seuraavan kerran olet yhteydess. internetiin.".. },.. "explanationofflineenabled": {.. "message": "Olet offline-tilassa. Voit kuitenkin muokata k.ytett.viss. olevia tiedostoja tai luoda uusia.".. },.. "extdesc": {.. "message": "Muokkaa, luo ja katso dokumentteja, laskentataulukoita ja esityksi. ilman internetyhteytt..".. },.. "extname": {.. "message": "Google Docsin offline-tila".. },.. "learnmore": {.. "message": "Lis.tietoja".. },.. "popuphelptext": {.. "message": "Kirjoita, muokkaa ja tee yhteisty.t. paikasta riippumatta, my.s ilman internetyhteytt..".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):939
                                                                                                                  Entropy (8bit):4.451724169062555
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAXbH2eZXn6sjLITdRSJpGL/gWFJ3sqixO:ubHfZqsHIT/FLL3qO
                                                                                                                  MD5:FCEA43D62605860FFF41BE26BAD80169
                                                                                                                  SHA1:F25C2CE893D65666CC46EA267E3D1AA080A25F5B
                                                                                                                  SHA-256:F51EEB7AAF5F2103C1043D520E5A4DE0FA75E4DC375E23A2C2C4AFD4D9293A72
                                                                                                                  SHA-512:F66F113A26E5BCF54B9AAFA69DAE3C02C9C59BD5B9A05F829C92AF208C06DC8CCC7A1875CBB7B7CE425899E4BA27BFE8CE2CDAF43A00A1B9F95149E855989EE0
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "GUMAWA NG BAGO".. },.. "explanationofflinedisabled": {.. "message": "Naka-offline ka. Upang magamit ang Google Docs nang walang koneksyon sa internet, pumunta sa mga setting sa homepage ng Google Docs at i-on ang offline na pag-sync sa susunod na nakakonekta ka sa internet.".. },.. "explanationofflineenabled": {.. "message": "Naka-offline ka, ngunit maaari mo pa ring i-edit ang mga available na file o gumawa ng mga bago.".. },.. "extdesc": {.. "message": "I-edit, gawin, at tingnan ang iyong mga dokumento, spreadsheet, at presentation . lahat ng ito nang walang access sa internet.".. },.. "extname": {.. "message": "Google Docs Offline".. },.. "learnmore": {.. "message": "Matuto Pa".. },.. "popuphelptext": {.. "message": "Magsulat, mag-edit at makipag-collaborate nasaan ka man, nang mayroon o walang koneksyon sa internet.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):977
                                                                                                                  Entropy (8bit):4.622066056638277
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAdy42ArMdsH50Jd6Z1PCBolXAJ+GgNHp0X16M1J1:EyfArMS2Jd6Z1PCBolX2+vNmX16Y1
                                                                                                                  MD5:A58C0EEBD5DC6BB5D91DAF923BD3A2AA
                                                                                                                  SHA1:F169870EEED333363950D0BCD5A46D712231E2AE
                                                                                                                  SHA-256:0518287950A8B010FFC8D52554EB82E5D93B6C3571823B7CECA898906C11ABCC
                                                                                                                  SHA-512:B04AFD61DE490BC838354E8DC6C22BE5C7AC6E55386FFF78489031ACBE2DBF1EAA2652366F7A1E62CE87CFCCB75576DA3B2645FEA1645B0ECEB38B1FA3A409E8
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour pouvoir utiliser Google.Docs sans connexion Internet, acc.dez aux param.tres de la page d'accueil de Google.Docs et activez la synchronisation hors connexion lors de votre prochaine connexion . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez quand m.me modifier les fichiers disponibles ou cr.er des fichiers.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez des documents, feuilles de calcul et pr.sentations, sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Docs hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": "R.digez des documents, modifiez-les et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):972
                                                                                                                  Entropy (8bit):4.621319511196614
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAdyg2pwbv1V8Cd61PC/vT2fg3YHDyM1J1:EyHpwbpd61C/72Y3YOY1
                                                                                                                  MD5:6CAC04BDCC09034981B4AB567B00C296
                                                                                                                  SHA1:84F4D0E89E30ED7B7ACD7644E4867FFDB346D2A5
                                                                                                                  SHA-256:4CAA46656ECC46A420AA98D3307731E84F5AC1A89111D2E808A228C436D83834
                                                                                                                  SHA-512:160590B6EC3DCF48F3EA7A5BAA11A8F6FA4131059469623E00AD273606B468B3A6E56D199E97DAA0ECB6C526260EBAE008570223F2822811F441D1C900DC33D6
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "CR.ER".. },.. "explanationofflinedisabled": {.. "message": "Vous .tes hors connexion. Pour utiliser Google.Documents sans connexion Internet, acc.dez aux param.tres sur la page d'accueil Google.Documents et activez la synchronisation hors ligne la prochaine fois que vous .tes connect. . Internet.".. },.. "explanationofflineenabled": {.. "message": "Vous .tes hors connexion, mais vous pouvez toujours modifier les fichiers disponibles ou en cr.er.".. },.. "extdesc": {.. "message": "Modifiez, cr.ez et consultez vos documents, vos feuilles de calcul et vos pr.sentations, le tout sans acc.s . Internet.".. },.. "extname": {.. "message": "Google.Documents hors connexion".. },.. "learnmore": {.. "message": "En savoir plus".. },.. "popuphelptext": {.. "message": ".crivez, modifiez et collaborez o. que vous soyez, avec ou sans connexion Internet.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):990
                                                                                                                  Entropy (8bit):4.497202347098541
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:1HASvggECBxNbWVqMjlMgaPLqXPhTth0CBxebWbMRCSUCjAKFCSIj0tR7tCBhP1l:1HACzWsMlajIhJhHKWbFKFC0tR8oNK5
                                                                                                                  MD5:6BAAFEE2F718BEFBC7CD58A04CCC6C92
                                                                                                                  SHA1:CE0BDDDA2FA1F0AD222B604C13FF116CBB6D02CF
                                                                                                                  SHA-256:0CF098DFE5BBB46FC0132B3CF0C54B06B4D2C8390D847EE2A65D20F9B7480F4C
                                                                                                                  SHA-512:3DA23E74CD6CF9C0E2A0C4DBA60301281D362FB0A2A908F39A55ABDCA4CC69AD55638C63CC3BEFD44DC032F9CBB9E2FDC1B4C4ABE292917DF8272BA25B82AF20
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "CREAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est.s sen conexi.n. Para utilizar Documentos de Google sen conexi.n a Internet, accede .s opci.ns de configuraci.n na p.xina de inicio de Documentos de Google e activa a sincronizaci.n sen conexi.n a pr.xima vez que esteas conectado a Internet.".. },.. "explanationofflineenabled": {.. "message": "Est.s sen conexi.n. A.nda podes editar os ficheiros dispo.ibles ou crear outros novos.".. },.. "extdesc": {.. "message": "Modifica, crea e consulta os teus documentos, follas de c.lculo e presentaci.ns sen necesidade de acceder a Internet.".. },.. "extname": {.. "message": "Documentos de Google sen conexi.n".. },.. "learnmore": {.. "message": "M.is informaci.n".. },.. "popuphelptext": {.. "message": "Escribe, edita e colabora esteas onde esteas, tanto se tes conexi.n a Internet como se non a tes.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1658
                                                                                                                  Entropy (8bit):4.294833932445159
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HA3k3FzEVeXWuvLujNzAK11RiqRC2sA0O3cEiZ7dPRFFOPtZdK0A41yG3BczKT3:Q4pE4rCjNjw6/0y+5j8ZHA4PBSKr
                                                                                                                  MD5:BC7E1D09028B085B74CB4E04D8A90814
                                                                                                                  SHA1:E28B2919F000B41B41209E56B7BF3A4448456CFE
                                                                                                                  SHA-256:FE8218DF25DB54E633927C4A1640B1A41B8E6CB3360FA386B5382F833B0B237C
                                                                                                                  SHA-512:040A8267D67DB05BBAA52F1FAC3460F58D35C5B73AA76BBF17FA78ACC6D3BFB796A870DD44638F9AC3967E35217578A20D6F0B975CEEEEDBADFC9F65BE7E72C9
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": ".... .....".. },.. "explanationofflinedisabled": {.. "message": "... ...... ... ........ ....... ... Google .......... ..... .... ...., ... .... .... ...... ........ .... ...... ... ...... Google ........ ...... .. ........ .. ... ... ...... ....... .... ....".. },.. "explanationofflineenabled": {.. "message": "... ...... .., ..... ... ... .. ...... ..... ....... ... ... .. .... ... ..... ... ...".. },.. "extdesc": {.. "message": "..... ........., ..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1672
                                                                                                                  Entropy (8bit):4.314484457325167
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:46G2+ymELbLNzGVx/hXdDtxSRhqv7Qm6/7Lm:4GbxzGVzXdDtx+qzU/7C
                                                                                                                  MD5:98A7FC3E2E05AFFFC1CFE4A029F47476
                                                                                                                  SHA1:A17E077D6E6BA1D8A90C1F3FAF25D37B0FF5A6AD
                                                                                                                  SHA-256:D2D1AFA224CDA388FF1DC8FAC24CDA228D7CE09DE5D375947D7207FA4A6C4F8D
                                                                                                                  SHA-512:457E295C760ABFD29FC6BBBB7FC7D4959287BCA7FB0E3E99EB834087D17EED331DEF18138838D35C48C6DDC8A0134AFFFF1A5A24033F9B5607B355D3D48FDF88
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "... .....".. },.. "explanationofflinedisabled": {.. "message": ".. ...... .... ....... ....... .. .... Google ........ .. ..... .... .. ..., .... ... ....... .. ...... .... .. Google ........ .. ........ .. ...... ... .... .. ...... ....... .... .....".. },.. "explanationofflineenabled": {.. "message": ".. ...... ..., ..... .. .. .. ...... ...... ..... .. .... ... .. .. ...... ... .... ....".. },.. "extdesc": {.. "message": ".... .... ....... ...... ..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):935
                                                                                                                  Entropy (8bit):4.6369398601609735
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HA7sR5k/I+UX/hrcySxG1fIZ3tp/S/d6Gpb+D:YsE/I+UX/hVSxQ03f/Sj+D
                                                                                                                  MD5:25CDFF9D60C5FC4740A48EF9804BF5C7
                                                                                                                  SHA1:4FADECC52FB43AEC084DF9FF86D2D465FBEBCDC0
                                                                                                                  SHA-256:73E6E246CEEAB9875625CD4889FBF931F93B7B9DEAA11288AE1A0F8A6E311E76
                                                                                                                  SHA-512:EF00B08496427FEB5A6B9FB3FE2E5404525BE7C329D9DD2A417480637FD91885837D134A26980DCF9F61E463E6CB68F09A24402805807E656AF16B116A75E02C
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "IZRADI NOVI".. },.. "explanationofflinedisabled": {.. "message": "Vi ste izvan mre.e. Da biste koristili Google dokumente bez internetske veze, idite na postavke na po.etnoj stranici Google dokumenata i uklju.ite izvanmre.nu sinkronizaciju sljede.i put kada se pove.ete s internetom.".. },.. "explanationofflineenabled": {.. "message": "Vi ste izvan mre.e, no i dalje mo.ete ure.ivati dostupne datoteke i izra.ivati nove.".. },.. "extdesc": {.. "message": "Uredite, izradite i pregledajte dokumente, prora.unske tablice i prezentacije . sve bez pristupa internetu.".. },.. "extname": {.. "message": "Google dokumenti izvanmre.no".. },.. "learnmore": {.. "message": "Saznajte vi.e".. },.. "popuphelptext": {.. "message": "Pi.ite, ure.ujte i sura.ujte gdje god se nalazili, povezani s internetom ili izvanmre.no.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1065
                                                                                                                  Entropy (8bit):4.816501737523951
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HA6J54gEYwFFMxv4gvyB9FzmxlsN147g/zJcYwJgrus4QY2jom:NJ54gEYwUmgKHFzmsG7izJcYOgKgYjm
                                                                                                                  MD5:8930A51E3ACE3DD897C9E61A2AEA1D02
                                                                                                                  SHA1:4108506500C68C054BA03310C49FA5B8EE246EA4
                                                                                                                  SHA-256:958C0F664FCA20855FA84293566B2DDB7F297185619143457D6479E6AC81D240
                                                                                                                  SHA-512:126B80CD3428C0BC459EEAAFCBE4B9FDE2541A57F19F3EC7346BAF449F36DC073A9CF015594A57203255941551B25F6FAA6D2C73C57C44725F563883FF902606
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": ".J L.TREHOZ.SA".. },.. "explanationofflinedisabled": {.. "message": "Jelenleg offline .llapotban van. Ha a Google Dokumentumokat internetkapcsolat n.lk.l szeretn. haszn.lni, a legk.zelebbi internethaszn.lata sor.n nyissa meg a Google Dokumentumok kezd.oldal.n tal.lhat. be.ll.t.sokat, .s tiltsa le az offline szinkroniz.l.s be.ll.t.st.".. },.. "explanationofflineenabled": {.. "message": "Offline .llapotban van, de az el.rhet. f.jlokat .gy is szerkesztheti, valamint l.trehozhat .jakat.".. },.. "extdesc": {.. "message": "Szerkesszen, hozzon l.tre .s tekintsen meg dokumentumokat, t.bl.zatokat .s prezent.ci.kat . ak.r internetkapcsolat n.lk.l is.".. },.. "extname": {.. "message": "Google Dokumentumok Offline".. },.. "learnmore": {.. "message": "Tov.bbi inform.ci.".. },.. "popuphelptext": {.. "message": ".rjon, szerkesszen .s dolgozzon egy.tt m.sokkal
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2771
                                                                                                                  Entropy (8bit):3.7629875118570055
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:Y0Fx+eiYZBZ7K1ZZ/5QQxTuDLoFZaIZSK7lq0iC0mlMO6M3ih1oAgC:lF2BTz6N/
                                                                                                                  MD5:55DE859AD778E0AA9D950EF505B29DA9
                                                                                                                  SHA1:4479BE637A50C9EE8A2F7690AD362A6A8FFC59B2
                                                                                                                  SHA-256:0B16E3F8BD904A767284345AE86A0A9927C47AFE89E05EA2B13AD80009BDF9E4
                                                                                                                  SHA-512:EDAB2FCC14CABB6D116E9C2907B42CFBC34F1D9035F43E454F1F4D1F3774C100CBADF6B4C81B025810ED90FA91C22F1AEFE83056E4543D92527E4FE81C7889A8
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"createnew":{"message":"\u054d\u054f\u0535\u0542\u053e\u0535\u053c \u0546\u0548\u0550"},"explanationofflinedisabled":{"message":"Google \u0553\u0561\u057d\u057f\u0561\u0569\u0572\u0569\u0565\u0580\u0568 \u0576\u0561\u0587 \u0561\u0576\u0581\u0561\u0576\u0581 \u057c\u0565\u056a\u056b\u0574\u0578\u0582\u0574 \u0585\u0563\u057f\u0561\u0563\u0578\u0580\u056e\u0565\u056c\u0578\u0582 \u0570\u0561\u0574\u0561\u0580 \u0574\u056b\u0561\u0581\u0565\u0584 \u0570\u0561\u0574\u0561\u0581\u0561\u0576\u0581\u056b\u0576, \u0562\u0561\u0581\u0565\u0584 \u056e\u0561\u057c\u0561\u0575\u0578\u0582\u0569\u0575\u0561\u0576 \u0563\u056c\u056d\u0561\u057e\u0578\u0580 \u0567\u057b\u0568, \u0561\u0576\u0581\u0565\u0584 \u056f\u0561\u0580\u0563\u0561\u057e\u0578\u0580\u0578\u0582\u0574\u0576\u0565\u0580 \u0587 \u0574\u056b\u0561\u0581\u0580\u0565\u0584 \u0561\u0576\u0581\u0561\u0576\u0581 \u0570\u0561\u0574\u0561\u056a\u0561\u0574\u0561\u0581\u0578\u0582\u0574\u0568:"},"explanationofflineenabled":{"message":"\u
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):858
                                                                                                                  Entropy (8bit):4.474411340525479
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:1HASvgJX4CBxNpXemNOAJRFqjRpCBxedIdjTi92OvbCSUuoi01uRwCBhUuvz1thK:1HARXzhXemNOQWGcEoeH1eXJNvT2
                                                                                                                  MD5:34D6EE258AF9429465AE6A078C2FB1F5
                                                                                                                  SHA1:612CAE151984449A4346A66C0A0DF4235D64D932
                                                                                                                  SHA-256:E3C86DDD2EFEBE88EED8484765A9868202546149753E03A61EB7C28FD62CFCA1
                                                                                                                  SHA-512:20427807B64A0F79A6349F8A923152D9647DA95C05DE19AD3A4BF7DB817E25227F3B99307C8745DD323A6591B515221BD2F1E92B6F1A1783BDFA7142E84601B1
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "BUAT BARU".. },.. "explanationofflinedisabled": {.. "message": "Anda sedang offline. Untuk menggunakan Google Dokumen tanpa koneksi internet, buka setelan di beranda Google Dokumen dan aktifkan sinkronisasi offline saat terhubung ke internet.".. },.. "explanationofflineenabled": {.. "message": "Anda sedang offline, namun Anda masih dapat mengedit file yang tersedia atau membuat file baru.".. },.. "extdesc": {.. "message": "Edit, buat, dan lihat dokumen, spreadsheet, dan presentasi . tanpa perlu akses internet.".. },.. "extname": {.. "message": "Google Dokumen Offline".. },.. "learnmore": {.. "message": "Pelajari Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit, dan gabungkan di mana saja, dengan atau tanpa koneksi internet.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):954
                                                                                                                  Entropy (8bit):4.631887382471946
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:YGXU2rOcxGe+J97f9TP2DBX9tMfxqbTMvOfWWgdraqlifVpm0Ekf95MwP9KkJ+je:YwBrD2J2DBLMfFuWvdpY94vioO+uh
                                                                                                                  MD5:1F565FB1C549B18AF8BBFED8DECD5D94
                                                                                                                  SHA1:B57F4BDAE06FF3DFC1EB3E56B6F2F204D6F63638
                                                                                                                  SHA-256:E16325D1A641EF7421F2BAFCD6433D53543C89D498DD96419B03CBA60B9C7D60
                                                                                                                  SHA-512:A60B8E042A9BCDCC136B87948E9924A0B24D67C6CA9803904B876F162A0AD82B9619F1316BE9FF107DD143B44F7E6F5DF604ABFE00818DEB40A7D62917CDA69F
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"createnew":{"message":"B\u00daA TIL N\u00ddTT"},"explanationofflinedisabled":{"message":"\u00de\u00fa ert \u00e1n nettengingar. Til a\u00f0 nota Google skj\u00f6l \u00e1n nettengingar skaltu opna stillingarnar \u00e1 heimas\u00ed\u00f0u Google skjala og virkja samstillingu \u00e1n nettengingar n\u00e6st \u00feegar \u00fe\u00fa tengist netinu."},"explanationofflineenabled":{"message":"Engin nettenging. \u00de\u00fa getur samt sem \u00e1\u00f0ur breytt tilt\u00e6kum skr\u00e1m e\u00f0a b\u00fai\u00f0 til n\u00fdjar."},"extdesc":{"message":"Breyttu, b\u00fa\u00f0u til og sko\u00f0a\u00f0u skj\u00f6lin \u00fe\u00edn, t\u00f6flureikna og kynningar \u2014 allt \u00e1n nettengingar."},"extname":{"message":"Google skj\u00f6l \u00e1n nettengingar"},"learnmore":{"message":"Frekari uppl\u00fdsingar"},"popuphelptext":{"message":"Skrifa\u00f0u, breyttu og starfa\u00f0u me\u00f0 \u00f6\u00f0rum hvort sem nettenging er til sta\u00f0ar e\u00f0a ekki."}}.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):899
                                                                                                                  Entropy (8bit):4.474743599345443
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:1HASvggrCBxNp8WJOJJrJ3WytVCBxep3bjP5CSUCjV8AgJJm2CBhr+z1tWgjqEOW:1HANXJOTBFtKa8Agju4NB3j
                                                                                                                  MD5:0D82B734EF045D5FE7AA680B6A12E711
                                                                                                                  SHA1:BD04F181E4EE09F02CD53161DCABCEF902423092
                                                                                                                  SHA-256:F41862665B13C0B4C4F562EF1743684CCE29D4BCF7FE3EA494208DF253E33885
                                                                                                                  SHA-512:01F305A280112482884485085494E871C66D40C0B03DE710B4E5F49C6A478D541C2C1FDA2CEAF4307900485946DEE9D905851E98A2EB237642C80D464D1B3ADA
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "CREA NUOVO".. },.. "explanationofflinedisabled": {.. "message": "Sei offline. Per utilizzare Documenti Google senza una connessione Internet, apri le impostazioni nella home page di Documenti Google e attiva la sincronizzazione offline la prossima volta che ti colleghi a Internet.".. },.. "explanationofflineenabled": {.. "message": "Sei offline, ma puoi comunque modificare i file disponibili o crearne di nuovi.".. },.. "extdesc": {.. "message": "Modifica, crea e visualizza documenti, fogli di lavoro e presentazioni, senza accesso a Internet.".. },.. "extname": {.. "message": "Documenti Google offline".. },.. "learnmore": {.. "message": "Ulteriori informazioni".. },.. "popuphelptext": {.. "message": "Scrivi, modifica e collabora ovunque ti trovi, con o senza una connessione Internet.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2230
                                                                                                                  Entropy (8bit):3.8239097369647634
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:YIiTVLrLD1MEzMEH82LBLjO5YaQEqLytLLBm3dnA5LcqLWAU75yxFLcx+UxWRJLI:YfTFf589rZNgNA12Qzt4/zRz2vc
                                                                                                                  MD5:26B1533C0852EE4661EC1A27BD87D6BF
                                                                                                                  SHA1:18234E3ABAF702DF9330552780C2F33B83A1188A
                                                                                                                  SHA-256:BBB81C32F482BA3216C9B1189C70CEF39CA8C2181AF3538FFA07B4C6AD52F06A
                                                                                                                  SHA-512:450BFAF0E8159A4FAE309737EA69CA8DD91CAAFD27EF662087C4E7716B2DCAD3172555898E75814D6F11487F4F254DE8625EF0CFEA8DF0133FC49E18EC7FD5D2
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"createnew":{"message":"\u05d9\u05e6\u05d9\u05e8\u05ea \u05d7\u05d3\u05e9"},"explanationofflinedisabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8. \u05db\u05d3\u05d9 \u05dc\u05d4\u05e9\u05ea\u05de\u05e9 \u05d1-Google Docs \u05dc\u05dc\u05d0 \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d1\u05d4\u05ea\u05d7\u05d1\u05e8\u05d5\u05ea \u05d4\u05d1\u05d0\u05d4 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8, \u05d9\u05e9 \u05dc\u05e2\u05d1\u05d5\u05e8 \u05dc\u05e7\u05d8\u05e2 \u05d4\u05d4\u05d2\u05d3\u05e8\u05d5\u05ea \u05d1\u05d3\u05e3 \u05d4\u05d1\u05d9\u05ea \u05e9\u05dc Google Docs \u05d5\u05dc\u05d4\u05e4\u05e2\u05d9\u05dc \u05e1\u05e0\u05db\u05e8\u05d5\u05df \u05d1\u05de\u05e6\u05d1 \u05d0\u05d5\u05e4\u05dc\u05d9\u05d9\u05df."},"explanationofflineenabled":{"message":"\u05d0\u05d9\u05df \u05dc\u05da \u05d7\u05d9\u05d1\u05d5\u05e8 \u05dc\u05d0\u05d9\u05e0\u05d8\u05e
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1160
                                                                                                                  Entropy (8bit):5.292894989863142
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAoc3IiRF1viQ1RF3CMP3rnicCCAFrr1Oo0Y5ReXCCQkb:Dc3zF7F3CMTnOCAFVLHXCFb
                                                                                                                  MD5:15EC1963FC113D4AD6E7E59AE5DE7C0A
                                                                                                                  SHA1:4017FC6D8B302335469091B91D063B07C9E12109
                                                                                                                  SHA-256:34AC08F3C4F2D42962A3395508818B48CA323D22F498738CC9F09E78CB197D73
                                                                                                                  SHA-512:427251F471FA3B759CA1555E9600C10F755BC023701D058FF661BEC605B6AB94CFB3456C1FEA68D12B4D815FFBAFABCEB6C12311DD1199FC783ED6863AF97C0F
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):3264
                                                                                                                  Entropy (8bit):3.586016059431306
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:YGFbhVhVn0nM/XGbQTvxnItVJW/476CFdqaxWNlR:HFbhV/n0MfGbw875FkaANlR
                                                                                                                  MD5:83F81D30913DC4344573D7A58BD20D85
                                                                                                                  SHA1:5AD0E91EA18045232A8F9DF1627007FE506A70E0
                                                                                                                  SHA-256:30898BBF51BDD58DB397FF780F061E33431A38EF5CFC288B5177ECF76B399F26
                                                                                                                  SHA-512:85F97F12AD4482B5D9A6166BB2AE3C4458A582CF575190C71C1D8E0FB87C58482F8C0EFEAD56E3A70EDD42BED945816DB5E07732AD27B8FFC93F4093710DD58F
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"createnew":{"message":"\u10d0\u10ee\u10da\u10d8\u10e1 \u10e8\u10d4\u10e5\u10db\u10dc\u10d0"},"explanationofflinedisabled":{"message":"\u10d7\u10e5\u10d5\u10d4\u10dc \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10ee\u10d0\u10e0\u10d7. Google Docs-\u10d8\u10e1 \u10d8\u10dc\u10e2\u10d4\u10e0\u10dc\u10d4\u10e2\u10d7\u10d0\u10dc \u10d9\u10d0\u10d5\u10e8\u10d8\u10e0\u10d8\u10e1 \u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10d2\u10d0\u10db\u10dd\u10e1\u10d0\u10e7\u10d4\u10dc\u10d4\u10d1\u10da\u10d0\u10d3 \u10d2\u10d0\u10d3\u10d0\u10d3\u10d8\u10d7 \u10de\u10d0\u10e0\u10d0\u10db\u10d4\u10e2\u10e0\u10d4\u10d1\u10d6\u10d4 Google Docs-\u10d8\u10e1 \u10db\u10d7\u10d0\u10d5\u10d0\u10e0 \u10d2\u10d5\u10d4\u10e0\u10d3\u10d6\u10d4 \u10d3\u10d0 \u10e9\u10d0\u10e0\u10d7\u10d4\u10d7 \u10ee\u10d0\u10d6\u10d2\u10d0\u10e0\u10d4\u10e8\u10d4 \u10e1\u10d8\u10dc\u10e5\u10e0\u10dd\u10dc\u10d8\u10d6\u10d0\u10ea\u10d8\u10d0, \u10e0\u10dd\u10d3\u10d4\u10e1\u10d0\u10ea \u10e8\u10d4\u10db\u10d3\u10d2\u10dd\u10
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):3235
                                                                                                                  Entropy (8bit):3.6081439490236464
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:H3E+6rOEAbeHTln2EQ77Uayg45RjhCSj+OyRdM7AE9qdV:HXcR/nQXUayYV
                                                                                                                  MD5:2D94A58795F7B1E6E43C9656A147AD3C
                                                                                                                  SHA1:E377DB505C6924B6BFC9D73DC7C02610062F674E
                                                                                                                  SHA-256:548DC6C96E31A16CE355DC55C64833B08EF3FBA8BF33149031B4A685959E3AF4
                                                                                                                  SHA-512:F51CC857E4CF2D4545C76A2DCE7D837381CE59016E250319BF8D39718BE79F9F6EE74EA5A56DE0E8759E4E586D93430D51651FC902376D8A5698628E54A0F2D8
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"createnew":{"message":"\u0416\u0410\u04a2\u0410\u0421\u042b\u041d \u0416\u0410\u0421\u0410\u0423"},"explanationofflinedisabled":{"message":"\u0421\u0456\u0437 \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u043d\u0434\u0435\u0441\u0456\u0437. Google Docs \u049b\u043e\u043b\u0434\u0430\u043d\u0431\u0430\u0441\u044b\u043d \u0436\u0435\u043b\u0456 \u0431\u0430\u0439\u043b\u0430\u043d\u044b\u0441\u044b\u043d\u0441\u044b\u0437 \u049b\u043e\u043b\u0434\u0430\u043d\u0443 \u04af\u0448\u0456\u043d, \u043a\u0435\u043b\u0435\u0441\u0456 \u0436\u043e\u043b\u044b \u0436\u0435\u043b\u0456\u0433\u0435 \u049b\u043e\u0441\u044b\u043b\u0493\u0430\u043d\u0434\u0430, Google Docs \u043d\u0435\u0433\u0456\u0437\u0433\u0456 \u0431\u0435\u0442\u0456\u043d\u0435\u043d \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043b\u0435\u0440 \u0431\u04e9\u043b\u0456\u043c\u0456\u043d \u043a\u0456\u0440\u0456\u043f, \u043e\u0444\u043b\u0430\u0439\u043d \u0440\u0435\u0436\u0438\u043c\u0456\u
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):3122
                                                                                                                  Entropy (8bit):3.891443295908904
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:/OOrssRU6Bg7VSdL+zsCfoZiWssriWqo2gx7RRCos2sEeBkS7Zesg:H5GRZlXsGdo
                                                                                                                  MD5:B3699C20A94776A5C2F90AEF6EB0DAD9
                                                                                                                  SHA1:1F9B968B0679A20FA097624C9ABFA2B96C8C0BEA
                                                                                                                  SHA-256:A6118F0A0DE329E07C01F53CD6FB4FED43E54C5F53DB4CD1C7F5B2B4D9FB10E6
                                                                                                                  SHA-512:1E8D15B8BFF1D289434A244172F9ED42B4BB6BCB6372C1F300B01ACEA5A88167E97FEDABA0A7AE3BEB5E24763D1B09046AE8E30745B80E2E2FE785C94DF362F6
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"createnew":{"message":"\u1794\u1784\u17d2\u1780\u17be\u178f\u200b\u1790\u17d2\u1798\u17b8"},"explanationofflinedisabled":{"message":"\u17a2\u17d2\u1793\u1780\u200b\u1782\u17d2\u1798\u17b6\u1793\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f\u17d4 \u178a\u17be\u1798\u17d2\u1794\u17b8\u200b\u1794\u17d2\u179a\u17be Google \u17af\u1780\u179f\u17b6\u179a\u200b\u1794\u17b6\u1793\u200b\u200b\u178a\u17c4\u1799\u200b\u200b\u1798\u17b7\u1793\u1798\u17b6\u1793\u200b\u200b\u200b\u17a2\u17ca\u17b8\u1793\u1792\u17ba\u178e\u17b7\u178f \u179f\u17bc\u1798\u200b\u200b\u1791\u17c5\u200b\u1780\u17b6\u1793\u17cb\u200b\u1780\u17b6\u179a\u200b\u1780\u17c6\u178e\u178f\u17cb\u200b\u1793\u17c5\u200b\u179b\u17be\u200b\u1782\u17c1\u17a0\u1791\u17c6\u1796\u17d0\u179a Google \u17af\u1780\u179f\u17b6\u179a \u1793\u17b7\u1784\u200b\u1794\u17be\u1780\u200b\u1780\u17b6\u179a\u1792\u17d2\u179c\u17be\u200b\u179f\u1798\u1780\u17b6\u179b\u1780\u1798\u17d2\u1798\u200b\u200b\u200b\u1782\u17d2\u1798\u17b6\u1793
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1880
                                                                                                                  Entropy (8bit):4.295185867329351
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:SHYGuEETiuF6OX5tCYFZt5GurMRRevsY4tVZIGnZRxlKT6/UGG:yYG8iuF6yTCYFH5GjLPtVZVZRxOZZ
                                                                                                                  MD5:8E16966E815C3C274EEB8492B1EA6648
                                                                                                                  SHA1:7482ED9F1C9FD9F6F9BA91AB15921B19F64C9687
                                                                                                                  SHA-256:418FF53FCA505D54268413C796E4DF80E947A09F399AB222A90B81E93113D5B5
                                                                                                                  SHA-512:85B28202E874B1CF45B37BA05B87B3D8D6FE38E89C6011C4240CF6B563EA6DA60181D712CCE20D07C364F4A266A4EC90C4934CC8B7BB2013CB3B22D755796E38
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1042
                                                                                                                  Entropy (8bit):5.3945675025513955
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAWYsF4dqNfBQH49Hk8YfIhYzTJ+6WJBtl/u4s+6:ZF4wNfvm87mX4LF6
                                                                                                                  MD5:F3E59EEEB007144EA26306C20E04C292
                                                                                                                  SHA1:83E7BDFA1F18F4C7534208493C3FF6B1F2F57D90
                                                                                                                  SHA-256:C52D9B955D229373725A6E713334BBB31EA72EFA9B5CF4FBD76A566417B12CAC
                                                                                                                  SHA-512:7808CB5FF041B002CBD78171EC5A0B4DBA3E017E21F7E8039084C2790F395B839BEE04AD6C942EED47CCB53E90F6DE818A725D1450BF81BA2990154AFD3763AF
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2535
                                                                                                                  Entropy (8bit):3.8479764584971368
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:YRcHe/4raK1EIlZt1wg62FIOg+xGaF8guI5EP9I2yC:+cs4raK1xlZtOgviOfGaF8RI5EP95b
                                                                                                                  MD5:E20D6C27840B406555E2F5091B118FC5
                                                                                                                  SHA1:0DCECC1A58CEB4936E255A64A2830956BFA6EC14
                                                                                                                  SHA-256:89082FB05229826BC222F5D22C158235F025F0E6DF67FF135A18BD899E13BB8F
                                                                                                                  SHA-512:AD53FC0B153005F47F9F4344DF6C4804049FAC94932D895FD02EEBE75222CFE77EEDD9CD3FDC4C88376D18C5972055B00190507AA896488499D64E884F84F093
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"createnew":{"message":"\u0eaa\u0ec9\u0eb2\u0e87\u0ec3\u0edd\u0ec8"},"explanationofflinedisabled":{"message":"\u0e97\u0ec8\u0eb2\u0e99\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ea2\u0eb9\u0ec8. \u0ec0\u0e9e\u0eb7\u0ec8\u0ead\u0ec3\u0e8a\u0ec9 Google Docs \u0ec2\u0e94\u0e8d\u0e9a\u0ecd\u0ec8\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94, \u0ec3\u0eab\u0ec9\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e81\u0eb2\u0e99\u0e95\u0eb1\u0ec9\u0e87\u0e84\u0ec8\u0eb2\u0ec3\u0e99\u0edc\u0ec9\u0eb2 Google Docs \u0ec1\u0ea5\u0ec9\u0ea7\u0ec0\u0e9b\u0eb5\u0e94\u0ec3\u0e8a\u0ec9\u0e81\u0eb2\u0e99\u0e8a\u0eb4\u0ec9\u0e87\u0ec1\u0e9a\u0e9a\u0ead\u0ead\u0e9a\u0ea5\u0eb2\u0e8d\u0ec3\u0e99\u0ec0\u0e97\u0eb7\u0ec8\u0ead\u0e95\u0ecd\u0ec8\u0ec4\u0e9b\u0e97\u0eb5\u0ec8\u0e97\u0ec8\u0eb2\u0e99\u0ec0\u0e8a\u0eb7\u0ec8\u0ead\u0ea1\u0e95\u0ecd\u0ec8\u0ead\u0eb4\u0e99\u0ec0\u0e95\u0eb5\u0ec0\u0e99\u0eb1\u0e94."},"explanationofflineenabled":{"message":"\u0e97\u0ec
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1028
                                                                                                                  Entropy (8bit):4.797571191712988
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAivZZaJ3Rje394+k7IKgpAJjUpSkiQjuRBMd:fZZahBeu7IKgqeMg
                                                                                                                  MD5:970544AB4622701FFDF66DC556847652
                                                                                                                  SHA1:14BEE2B77EE74C5E38EBD1DB09E8D8104CF75317
                                                                                                                  SHA-256:5DFCBD4DFEAEC3ABE973A78277D3BD02CD77AE635D5C8CD1F816446C61808F59
                                                                                                                  SHA-512:CC12D00C10B970189E90D47390EEB142359A8D6F3A9174C2EF3AE0118F09C88AB9B689D9773028834839A7DFAF3AAC6747BC1DCB23794A9F067281E20B8DC6EA
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "SUKURTI NAUJ.".. },.. "explanationofflinedisabled": {.. "message": "Esate neprisijung.. Jei norite naudoti .Google. dokumentus be interneto ry.io, pagrindiniame .Google. dokument. puslapyje eikite . nustatym. skilt. ir .junkite sinchronizavim. neprisijungus, kai kit. kart. b.site prisijung. prie interneto.".. },.. "explanationofflineenabled": {.. "message": "Esate neprisijung., bet vis tiek galite redaguoti pasiekiamus failus arba sukurti nauj..".. },.. "extdesc": {.. "message": "Redaguokite, kurkite ir per.i.r.kite savo dokumentus, skai.iuokles ir pristatymus . visk. darykite be prieigos prie interneto.".. },.. "extname": {.. "message": ".Google. dokumentai neprisijungus".. },.. "learnmore": {.. "message": "Su.inoti daugiau".. },.. "popuphelptext": {.. "message": "Ra.ykite, redaguokite ir bendradarbiaukite bet kurioje vietoje naudodami interneto ry.. arba
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):994
                                                                                                                  Entropy (8bit):4.700308832360794
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAaJ7a/uNpoB/Y4vPnswSPkDzLKFQHpp//BpPDB:7J7a/uzQ/Y4vvswhDzDr/LDB
                                                                                                                  MD5:A568A58817375590007D1B8ABCAEBF82
                                                                                                                  SHA1:B0F51FE6927BB4975FC6EDA7D8A631BF0C1AB597
                                                                                                                  SHA-256:0621DE9161748F45D53052ED8A430962139D7F19074C7FFE7223ECB06B0B87DB
                                                                                                                  SHA-512:FCFBADEC9F73975301AB404DB6B09D31457FAC7CCAD2FA5BE348E1CAD6800F87CB5B56DE50880C55BBADB3C40423351A6B5C2D03F6A327D898E35F517B1C628C
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "IZVEIDOT JAUNU".. },.. "explanationofflinedisabled": {.. "message": "J.s esat bezsaist.. Lai lietotu pakalpojumu Google dokumenti bez interneta savienojuma, n.kamaj. reiz., kad ir izveidots savienojums ar internetu, atveriet Google dokumentu s.kumlapas iestat.jumu izv.lni un iesl.dziet sinhroniz.ciju bezsaist..".. },.. "explanationofflineenabled": {.. "message": "J.s esat bezsaist., ta.u varat redi..t pieejamos failus un izveidot jaunus.".. },.. "extdesc": {.. "message": "Redi..jiet, veidojiet un skatiet savus dokumentus, izkl.jlapas un prezent.cijas, neizmantojot savienojumu ar internetu.".. },.. "extname": {.. "message": "Google dokumenti bezsaist.".. },.. "learnmore": {.. "message": "Uzziniet vair.k".. },.. "popuphelptext": {.. "message": "Rakstiet, redi..jiet un sadarbojieties ar interneta savienojumu vai bez t. neatkar.gi no t., kur atrodaties.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2091
                                                                                                                  Entropy (8bit):4.358252286391144
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAnHdGc4LtGxVY6IuVzJkeNL5kP13a67wNcYP8j5PIaSTIjPU4ELFPCWJjMupV/:idGcyYPVtkAUl7wqziBsg9DbpN6XoN/
                                                                                                                  MD5:4717EFE4651F94EFF6ACB6653E868D1A
                                                                                                                  SHA1:B8A7703152767FBE1819808876D09D9CC1C44450
                                                                                                                  SHA-256:22CA9415E294D9C3EC3384B9D08CDAF5164AF73B4E4C251559E09E529C843EA6
                                                                                                                  SHA-512:487EAB4938F6BC47B1D77DD47A5E2A389B94E01D29849E38E96C95CABC7BD98679451F0E22D3FEA25C045558CD69FDDB6C4FEF7C581141F1C53C4AA17578D7F7
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2778
                                                                                                                  Entropy (8bit):3.595196082412897
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:Y943BFU1LQ4HwQLQ4LQhlmVQL3QUm6H6ZgFIcwn6Rs2ShpQ3IwjGLQSJ/PYoEQj8:I43BCymz8XNcfuQDXYN2sum
                                                                                                                  MD5:83E7A14B7FC60D4C66BF313C8A2BEF0B
                                                                                                                  SHA1:1CCF1D79CDED5D65439266DB58480089CC110B18
                                                                                                                  SHA-256:613D8751F6CC9D3FA319F4B7EA8B2BD3BED37FD077482CA825929DD7C12A69A8
                                                                                                                  SHA-512:3742E24FFC4B5283E6EE496813C1BDC6835630D006E8647D427C3DE8B8E7BF814201ADF9A27BFAB3ABD130B6FEC64EBB102AC0EB8DEDFE7B63D82D3E1233305D
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1719
                                                                                                                  Entropy (8bit):4.287702203591075
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:65/5EKaDMw6pEf4I5+jSksOTJqQyrFO8C:65/5EKaAw6pEf4I5+vsOVqQyFO8C
                                                                                                                  MD5:3B98C4ED8874A160C3789FEAD5553CFA
                                                                                                                  SHA1:5550D0EC548335293D962AAA96B6443DD8ABB9F6
                                                                                                                  SHA-256:ADEB082A9C754DFD5A9D47340A3DDCC19BF9C7EFA6E629A2F1796305F1C9A66F
                                                                                                                  SHA-512:5139B6C6DF9459C7B5CDC08A98348891499408CD75B46519BA3AC29E99AAAFCC5911A1DEE6C3A57E3413DBD0FAE72D7CBC676027248DCE6364377982B5CE4151
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):936
                                                                                                                  Entropy (8bit):4.457879437756106
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HARXIqhmemNKsE27rhdfNLChtyo2JJ/YgTgin:iIqFC7lrDfNLCIBRzn
                                                                                                                  MD5:7D273824B1E22426C033FF5D8D7162B7
                                                                                                                  SHA1:EADBE9DBE5519BD60458B3551BDFC36A10049DD1
                                                                                                                  SHA-256:2824CF97513DC3ECC261F378BFD595AE95A5997E9D1C63F5731A58B1F8CD54F9
                                                                                                                  SHA-512:E5B611BBFAB24C9924D1D5E1774925433C65C322769E1F3B116254B1E9C69B6DF1BE7828141EEBBF7524DD179875D40C1D8F29C4FB86D663B8A365C6C60421A7
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "BUAT BAHARU".. },.. "explanationofflinedisabled": {.. "message": "Anda berada di luar talian. Untuk menggunakan Google Docs tanpa sambungan Internet, pergi ke tetapan di halaman utama Google Docs dan hidupkan penyegerakan luar talian apabila anda disambungkan ke Internet selepas ini.".. },.. "explanationofflineenabled": {.. "message": "Anda berada di luar talian, tetapi anda masih boleh mengedit fail yang tersedia atau buat fail baharu.".. },.. "extdesc": {.. "message": "Edit, buat dan lihat dokumen, hamparan dan pembentangan anda . kesemuanya tanpa akses Internet.".. },.. "extname": {.. "message": "Google Docs Luar Talian".. },.. "learnmore": {.. "message": "Ketahui Lebih Lanjut".. },.. "popuphelptext": {.. "message": "Tulis, edit dan bekerjasama di mana-mana sahaja anda berada, dengan atau tanpa sambungan Internet.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):3830
                                                                                                                  Entropy (8bit):3.5483353063347587
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:Ya+Ivxy6ur1+j3P7Xgr5ELkpeCgygyOxONHO3pj6H57ODyOXOVp6:8Uspsj3P3ty2a66xl09
                                                                                                                  MD5:342335A22F1886B8BC92008597326B24
                                                                                                                  SHA1:2CB04F892E430DCD7705C02BF0A8619354515513
                                                                                                                  SHA-256:243BEFBD6B67A21433DCC97DC1A728896D3A070DC20055EB04D644E1BB955FE7
                                                                                                                  SHA-512:CD344D060E30242E5A4705547E807CE3CE2231EE983BB9A8AD22B3E7598A7EC87399094B04A80245AD51D039370F09D74FE54C0B0738583884A73F0C7E888AD8
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1898
                                                                                                                  Entropy (8bit):4.187050294267571
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAmQ6ZSWfAx6fLMr48tE/cAbJtUZJScSIQoAfboFMiQ9pdvz48YgqG:TQ6W6MbkcAltUJxQdfbqQ9pp0gqG
                                                                                                                  MD5:B1083DA5EC718D1F2F093BD3D1FB4F37
                                                                                                                  SHA1:74B6F050D918448396642765DEF1AD5390AB5282
                                                                                                                  SHA-256:E6ED0A023EF31705CCCBAF1E07F2B4B2279059296B5CA973D2070417BA16F790
                                                                                                                  SHA-512:7102B90ABBE2C811E8EE2F1886A73B1298D4F3D5D05F0FFDB57CF78B9A49A25023A290B255BAA4895BB150B388BAFD9F8432650B8C70A1A9A75083FFFCD74F1A
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):914
                                                                                                                  Entropy (8bit):4.513485418448461
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:1HASvgFARCBxNBv52/fXjOXl6W6ICBxeBvMzU1CSUJAO6SFAIVIbCBhZHdb1tvz+:1HABJx4X6QDwEzlm2uGvYzKU
                                                                                                                  MD5:32DF72F14BE59A9BC9777113A8B21DE6
                                                                                                                  SHA1:2A8D9B9A998453144307DD0B700A76E783062AD0
                                                                                                                  SHA-256:F3FE1FFCB182183B76E1B46C4463168C746A38E461FD25CA91FF2A40846F1D61
                                                                                                                  SHA-512:E0966F5CCA5A8A6D91C58D716E662E892D1C3441DAA5D632E5E843839BB989F620D8AC33ED3EDBAFE18D7306B40CD0C4639E5A4E04DA2C598331DACEC2112AAD
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "NIEUW MAKEN".. },.. "explanationofflinedisabled": {.. "message": "Je bent offline. Wil je Google Documenten zonder internetverbinding gebruiken, ga dan de volgende keer dat je verbinding met internet hebt naar 'Instellingen' op de homepage van Google Documenten en zet 'Offline synchronisatie' aan.".. },.. "explanationofflineenabled": {.. "message": "Je bent offline, maar je kunt nog wel beschikbare bestanden bewerken of nieuwe bestanden maken.".. },.. "extdesc": {.. "message": "Bewerk, maak en bekijk je documenten, spreadsheets en presentaties. Allemaal zonder internettoegang.".. },.. "extname": {.. "message": "Offline Documenten".. },.. "learnmore": {.. "message": "Meer informatie".. },.. "popuphelptext": {.. "message": "Overal schrijven, bewerken en samenwerken, met of zonder internetverbinding.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):878
                                                                                                                  Entropy (8bit):4.4541485835627475
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAqwwrJ6wky68uk+NILxRGJwBvDyrj9V:nwwQwky6W+NwswVyT
                                                                                                                  MD5:A1744B0F53CCF889955B95108367F9C8
                                                                                                                  SHA1:6A5A6771DFF13DCB4FD425ED839BA100B7123DE0
                                                                                                                  SHA-256:21CEFF02B45A4BFD60D144879DFA9F427949A027DD49A3EB0E9E345BD0B7C9A8
                                                                                                                  SHA-512:F55E43F14514EECB89F6727A0D3C234149609020A516B193542B5964D2536D192F40CC12D377E70C683C269A1BDCDE1C6A0E634AA84A164775CFFE776536A961
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "OPPRETT NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du er uten nett. For . bruke Google Dokumenter uten internettilkobling, g. til innstillingene p. Google Dokumenter-nettsiden og sl. p. synkronisering uten nett neste gang du er koblet til Internett.".. },.. "explanationofflineenabled": {.. "message": "Du er uten nett, men du kan likevel endre tilgjengelige filer eller opprette nye.".. },.. "extdesc": {.. "message": "Rediger, opprett og se dokumentene, regnearkene og presentasjonene dine . uten nettilgang.".. },.. "extname": {.. "message": "Google Dokumenter uten nett".. },.. "learnmore": {.. "message": "Finn ut mer".. },.. "popuphelptext": {.. "message": "Skriv, rediger eller samarbeid uansett hvor du er, med eller uten internettilkobling.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2766
                                                                                                                  Entropy (8bit):3.839730779948262
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:YEH6/o0iZbNCbDMUcipdkNtQjsGKIhO9aBjj/nxt9o5nDAj3:p6wbZbEbvJ8jQkIhO9aBjb/90Ab
                                                                                                                  MD5:97F769F51B83D35C260D1F8CFD7990AF
                                                                                                                  SHA1:0D59A76564B0AEE31D0A074305905472F740CECA
                                                                                                                  SHA-256:BBD37D41B7DE6F93948FA2437A7699D4C30A3C39E736179702F212CB36A3133C
                                                                                                                  SHA-512:D91F5E2D22FC2D7F73C1F1C4AF79DB98FCFD1C7804069AE9B2348CBC729A6D2DFF7FB6F44D152B0BDABA6E0D05DFF54987E8472C081C4D39315CEC2CBC593816
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):978
                                                                                                                  Entropy (8bit):4.879137540019932
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HApiJiRelvm3wi8QAYcbm24sK+tFJaSDD:FJMx3whxYcbNp
                                                                                                                  MD5:B8D55E4E3B9619784AECA61BA15C9C0F
                                                                                                                  SHA1:B4A9C9885FBEB78635957296FDDD12579FEFA033
                                                                                                                  SHA-256:E00FF20437599A5C184CA0C79546CB6500171A95E5F24B9B5535E89A89D3EC3D
                                                                                                                  SHA-512:266589116EEE223056391C65808255EDAE10EB6DC5C26655D96F8178A41E283B06360AB8E08AC3857D172023C4F616EF073D0BEA770A3B3DD3EE74F5FFB2296B
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "UTW.RZ NOWY".. },.. "explanationofflinedisabled": {.. "message": "Jeste. offline. Aby korzysta. z Dokument.w Google bez po..czenia internetowego, otw.rz ustawienia na stronie g..wnej Dokument.w Google i w..cz synchronizacj. offline nast.pnym razem, gdy b.dziesz mie. dost.p do internetu.".. },.. "explanationofflineenabled": {.. "message": "Jeste. offline, ale nadal mo.esz edytowa. dost.pne pliki i tworzy. nowe.".. },.. "extdesc": {.. "message": "Edytuj, tw.rz i wy.wietlaj swoje dokumenty, arkusze kalkulacyjne oraz prezentacje bez konieczno.ci ..czenia si. z internetem.".. },.. "extname": {.. "message": "Dokumenty Google offline".. },.. "learnmore": {.. "message": "Wi.cej informacji".. },.. "popuphelptext": {.. "message": "Pisz, edytuj i wsp..pracuj, gdziekolwiek jeste. . niezale.nie od tego, czy masz po..czenie z internetem.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):907
                                                                                                                  Entropy (8bit):4.599411354657937
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:1HASvgU30CBxNd6GwXOK1styCJ02OK9+4KbCBxed6X4LBAt4rXgUCSUuYDHIIQka:1HAcXlyCJ5+Tsz4LY4rXSw/Q+ftkC
                                                                                                                  MD5:608551F7026E6BA8C0CF85D9AC11F8E3
                                                                                                                  SHA1:87B017B2D4DA17E322AF6384F82B57B807628617
                                                                                                                  SHA-256:A73EEA087164620FA2260D3910D3FBE302ED85F454EDB1493A4F287D42FC882F
                                                                                                                  SHA-512:82F52F8591DB3C0469CC16D7CBFDBF9116F6D5B5D2AD02A3D8FA39CE1378C64C0EA80AB8509519027F71A89EB8BBF38A8702D9AD26C8E6E0F499BF7DA18BF747
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Voc. est. off-line. Para usar o Documentos Google sem conex.o com a Internet, na pr.xima vez que se conectar, acesse as configura..es na p.gina inicial do Documentos Google e ative a sincroniza..o off-line.".. },.. "explanationofflineenabled": {.. "message": "Voc. est. off-line, mas mesmo assim pode editar os arquivos dispon.veis ou criar novos arquivos.".. },.. "extdesc": {.. "message": "Edite, crie e veja seus documentos, planilhas e apresenta..es sem precisar de acesso . Internet.".. },.. "extname": {.. "message": "Documentos Google off-line".. },.. "learnmore": {.. "message": "Saiba mais".. },.. "popuphelptext": {.. "message": "Escreva, edite e colabore onde voc. estiver, com ou sem conex.o com a Internet.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):914
                                                                                                                  Entropy (8bit):4.604761241355716
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAcXzw8M+N0STDIjxX+qxCjKw5BKriEQFMJXkETs:zXzw0pKXbxqKw5BKri3aNY
                                                                                                                  MD5:0963F2F3641A62A78B02825F6FA3941C
                                                                                                                  SHA1:7E6972BEAB3D18E49857079A24FB9336BC4D2D48
                                                                                                                  SHA-256:E93B8E7FB86D2F7DFAE57416BB1FB6EE0EEA25629B972A5922940F0023C85F90
                                                                                                                  SHA-512:22DD42D967124DA5A2209DD05FB6AD3F5D0D2687EA956A22BA1E31C56EC09DEB53F0711CD5B24D672405358502E9D1C502659BB36CED66CAF83923B021CA0286
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "CRIAR NOVO".. },.. "explanationofflinedisabled": {.. "message": "Est. offline. Para utilizar o Google Docs sem uma liga..o . Internet, aceda .s defini..es na p.gina inicial do Google Docs e ative a sincroniza..o offline da pr.xima vez que estiver ligado . Internet.".. },.. "explanationofflineenabled": {.. "message": "Est. offline, mas continua a poder editar os ficheiros dispon.veis ou criar novos ficheiros.".. },.. "extdesc": {.. "message": "Edite, crie e veja os documentos, as folhas de c.lculo e as apresenta..es, tudo sem precisar de aceder . Internet.".. },.. "extname": {.. "message": "Google Docs offline".. },.. "learnmore": {.. "message": "Saber mais".. },.. "popuphelptext": {.. "message": "Escreva edite e colabore onde quer que esteja, com ou sem uma liga..o . Internet.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):937
                                                                                                                  Entropy (8bit):4.686555713975264
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HA8dC6e6w+uFPHf2TFMMlecFpweWV4RE:pC6KvHf4plVweCx
                                                                                                                  MD5:BED8332AB788098D276B448EC2B33351
                                                                                                                  SHA1:6084124A2B32F386967DA980CBE79DD86742859E
                                                                                                                  SHA-256:085787999D78FADFF9600C9DC5E3FF4FB4EB9BE06D6BB19DF2EEF8C284BE7B20
                                                                                                                  SHA-512:22596584D10707CC1C8179ED3ABE46EF2C314CF9C3D0685921475944B8855AAB660590F8FA1CFDCE7976B4BB3BD9ABBBF053F61F1249A325FD0094E1C95692ED
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "CREEAZ. UN DOCUMENT".. },.. "explanationofflinedisabled": {.. "message": "E.ti offline. Pentru a utiliza Documente Google f.r. conexiune la internet, intr. .n set.rile din pagina principal. Documente Google .i activeaz. sincronizarea offline data viitoare c.nd e.ti conectat(.) la internet.".. },.. "explanationofflineenabled": {.. "message": "E.ti offline, dar po.i .nc. s. editezi fi.ierele disponibile sau s. creezi altele.".. },.. "extdesc": {.. "message": "Editeaz., creeaz. .i acceseaz. documente, foi de calcul .i prezent.ri - totul f.r. acces la internet.".. },.. "extname": {.. "message": "Documente Google Offline".. },.. "learnmore": {.. "message": "Afl. mai multe".. },.. "popuphelptext": {.. "message": "Scrie, editeaz. .i colaboreaz. oriunde ai fi, cu sau f.r. conexiune la internet.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1337
                                                                                                                  Entropy (8bit):4.69531415794894
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HABEapHTEmxUomjsfDVs8THjqBK8/hHUg41v+Lph5eFTHQ:I/VdxUomjsre8Kh4Riph5eFU
                                                                                                                  MD5:51D34FE303D0C90EE409A2397FCA437D
                                                                                                                  SHA1:B4B9A7B19C62D0AA95D1F10640A5FBA628CCCA12
                                                                                                                  SHA-256:BE733625ACD03158103D62BC0EEF272CA3F265AC30C87A6A03467481A177DAE3
                                                                                                                  SHA-512:E8670DED44DC6EE30E5F41C8B2040CF8A463CD9A60FC31FA70EB1D4C9AC1A3558369792B5B86FA761A21F5266D5A35E5C2C39297F367DAA84159585C19EC492A
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2846
                                                                                                                  Entropy (8bit):3.7416822879702547
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:YWi+htQTKEQb3aXQYJLSWy7sTQThQTnQtQTrEmQ6kiLsegQSJFwsQGaiPn779I+S:zhiTK5b3tUGVjTGTnQiTryOLpyaxYf/S
                                                                                                                  MD5:B8A4FD612534A171A9A03C1984BB4BDD
                                                                                                                  SHA1:F513F7300827FE352E8ECB5BD4BB1729F3A0E22A
                                                                                                                  SHA-256:54241EBE651A8344235CC47AFD274C080ABAEBC8C3A25AFB95D8373B6A5670A2
                                                                                                                  SHA-512:C03E35BFDE546AEB3245024EF721E7E606327581EFE9EAF8C5B11989D9033BDB58437041A5CB6D567BAA05466B6AAF054C47F976FD940EEEDF69FDF80D79095B
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):934
                                                                                                                  Entropy (8bit):4.882122893545996
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAF8pMv1RS4LXL22IUjdh8uJwpPqLDEtxKLhSS:hyv1RS4LXx38u36QsS
                                                                                                                  MD5:8E55817BF7A87052F11FE554A61C52D5
                                                                                                                  SHA1:9ABDC0725FE27967F6F6BE0DF5D6C46E2957F455
                                                                                                                  SHA-256:903060EC9E76040B46DEB47BBB041D0B28A6816CB9B892D7342FC7DC6782F87C
                                                                                                                  SHA-512:EFF9EC7E72B272DDE5F29123653BC056A4BC2C3C662AE3C448F8CB6A4D1865A0679B7E74C1B3189F3E262109ED6BC8F8D2BDE14AEFC8E87E0F785AE4837D01C7
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "VYTVORI. NOV.".. },.. "explanationofflinedisabled": {.. "message": "Ste offline. Ak chcete pou.i. Dokumenty Google bez pripojenia na internet, po najbli..om pripojen. na internet prejdite do nastaven. na domovskej str.nke Dokumentov Google a.zapnite offline synchroniz.ciu.".. },.. "explanationofflineenabled": {.. "message": "Ste offline, no st.le m..ete upravova. dostupn. s.bory a.vytv.ra. nov..".. },.. "extdesc": {.. "message": ".prava, tvorba a.zobrazenie dokumentov, tabuliek a.prezent.ci.. To v.etko bez pr.stupu na internet.".. },.. "extname": {.. "message": "Dokumenty Google v re.ime offline".. },.. "learnmore": {.. "message": ".al.ie inform.cie".. },.. "popuphelptext": {.. "message": "P..te, upravujte a.spolupracuje, kdeko.vek ste, a.to s.pripojen.m na internet aj bez neho.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):963
                                                                                                                  Entropy (8bit):4.6041913416245
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:1HASvgfECBxNFCEuKXowwJrpvPwNgEcPJJJEfWOCBxeFCJuGuU4KYXCSUXKDxX4A:1HAXMKYw8VYNLcaeDmKYLdX2zJBG5
                                                                                                                  MD5:BFAEFEFF32813DF91C56B71B79EC2AF4
                                                                                                                  SHA1:F8EDA2B632610972B581724D6B2F9782AC37377B
                                                                                                                  SHA-256:AAB9CF9098294A46DC0F2FA468AFFF7CA7C323A1A0EFA70C9DB1E3A4DA05D1D4
                                                                                                                  SHA-512:971F2BBF5E9C84DE3D31E5F2A4D1A00D891A2504F8AF6D3F75FC19056BFD059A270C4C9836AF35258ABA586A1888133FB22B484F260C1CBC2D1D17BC3B4451AA
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "USTVARI NOVO".. },.. "explanationofflinedisabled": {.. "message": "Nimate vzpostavljene povezave. .e .elite uporabljati Google Dokumente brez internetne povezave, odprite nastavitve na doma.i strani Google Dokumentov in vklopite sinhronizacijo brez povezave, ko naslednji. vzpostavite internetno povezavo.".. },.. "explanationofflineenabled": {.. "message": "Nimate vzpostavljene povezave, vendar lahko .e vedno urejate razpolo.ljive datoteke ali ustvarjate nove.".. },.. "extdesc": {.. "message": "Urejajte, ustvarjajte in si ogledujte dokumente, preglednice in predstavitve . vse to brez internetnega dostopa.".. },.. "extname": {.. "message": "Google Dokumenti brez povezave".. },.. "learnmore": {.. "message": "Ve. o tem".. },.. "popuphelptext": {.. "message": "Pi.ite, urejajte in sodelujte, kjer koli ste, z internetno povezavo ali brez nje.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1320
                                                                                                                  Entropy (8bit):4.569671329405572
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HArg/fjQg2JwrfZtUWTrw1P4epMnRGi5TBmuPDRxZQ/XtiCw/Rwh/Q9EVz:ogUg2JwDZe6rwKI8VTP9xK1CwhI94
                                                                                                                  MD5:7F5F8933D2D078618496C67526A2B066
                                                                                                                  SHA1:B7050E3EFA4D39548577CF47CB119FA0E246B7A4
                                                                                                                  SHA-256:4E8B69E864F57CDDD4DC4E4FAF2C28D496874D06016BC22E8D39E0CB69552769
                                                                                                                  SHA-512:0FBAB56629368EEF87DEEF2977CA51831BEB7DEAE98E02504E564218425C751853C4FDEAA40F51ECFE75C633128B56AE105A6EB308FD5B4A2E983013197F5DBA
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):884
                                                                                                                  Entropy (8bit):4.627108704340797
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HA0NOYT/6McbnX/yzklyOIPRQrJlvDymvBd:vNOcyHnX/yg0P4Bymn
                                                                                                                  MD5:90D8FB448CE9C0B9BA3D07FB8DE6D7EE
                                                                                                                  SHA1:D8688CAC0245FD7B886D0DEB51394F5DF8AE7E84
                                                                                                                  SHA-256:64B1E422B346AB77C5D1C77142685B3FF7661D498767D104B0C24CB36D0EB859
                                                                                                                  SHA-512:6D58F49EE3EF0D3186EA036B868B2203FE936CE30DC8E246C32E90B58D9B18C624825419346B62AF8F7D61767DBE9721957280AA3C524D3A5DFB1A3A76C00742
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "SKAPA NYTT".. },.. "explanationofflinedisabled": {.. "message": "Du .r offline. Om du vill anv.nda Google Dokument utan internetuppkoppling, .ppna inst.llningarna p. Google Dokuments startsida och aktivera offlinesynkronisering n.sta g.ng du .r ansluten till internet.".. },.. "explanationofflineenabled": {.. "message": "Du .r offline, men det g.r fortfarande att redigera tillg.ngliga filer eller skapa nya.".. },.. "extdesc": {.. "message": "Redigera, skapa och visa dina dokument, kalkylark och presentationer . helt utan internet.tkomst.".. },.. "extname": {.. "message": "Google Dokument Offline".. },.. "learnmore": {.. "message": "L.s mer".. },.. "popuphelptext": {.. "message": "Skriv, redigera och samarbeta .verallt, med eller utan internetanslutning.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):980
                                                                                                                  Entropy (8bit):4.50673686618174
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:1HASvgNHCBxNx1HMHyMhybK7QGU78oCuafIvfCBxex6EYPE5E1pOCSUJqONtCBh8:1HAGDQ3y0Q/Kjp/zhDoKMkeAT6dBaX
                                                                                                                  MD5:D0579209686889E079D87C23817EDDD5
                                                                                                                  SHA1:C4F99E66A5891973315D7F2BC9C1DAA524CB30DC
                                                                                                                  SHA-256:0D20680B74AF10EF8C754FCDE259124A438DCE3848305B0CAF994D98E787D263
                                                                                                                  SHA-512:D59911F91ED6C8FF78FD158389B4D326DAF4C031B940C399569FE210F6985E23897E7F404B7014FC7B0ACEC086C01CC5F76354F7E5D3A1E0DEDEF788C23C2978
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "FUNGUA MPYA".. },.. "explanationofflinedisabled": {.. "message": "Haupo mtandaoni. Ili uweze kutumia Hati za Google bila muunganisho wa intaneti, wakati utakuwa umeunganishwa kwenye intaneti, nenda kwenye sehemu ya mipangilio kwenye ukurasa wa kwanza wa Hati za Google kisha uwashe kipengele cha usawazishaji nje ya mtandao.".. },.. "explanationofflineenabled": {.. "message": "Haupo mtandaoni, lakini bado unaweza kubadilisha faili zilizopo au uunde mpya.".. },.. "extdesc": {.. "message": "Badilisha, unda na uangalie hati, malahajedwali na mawasilisho yako . yote bila kutumia muunganisho wa intaneti.".. },.. "extname": {.. "message": "Hati za Google Nje ya Mtandao".. },.. "learnmore": {.. "message": "Pata Maelezo Zaidi".. },.. "popuphelptext": {.. "message": "Andika hati, zibadilishe na ushirikiane na wengine popote ulipo, iwe una muunganisho wa intaneti au huna.".. }..}..
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1941
                                                                                                                  Entropy (8bit):4.132139619026436
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAoTZwEj3YfVLiANpx96zjlXTwB4uNJDZwq3CP1B2xIZiIH1CYFIZ03SoFyxrph:JCEjWiAD0ZXkyYFyPND1L/I
                                                                                                                  MD5:DCC0D1725AEAEAAF1690EF8053529601
                                                                                                                  SHA1:BB9D31859469760AC93E84B70B57909DCC02EA65
                                                                                                                  SHA-256:6282BF9DF12AD453858B0B531C8999D5FD6251EB855234546A1B30858462231A
                                                                                                                  SHA-512:6243982D764026D342B3C47C706D822BB2B0CAFFA51F0591D8C878F981EEF2A7FC68B76D012630B1C1EB394AF90EB782E2B49329EB6538DD5608A7F0791FDCF5
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1969
                                                                                                                  Entropy (8bit):4.327258153043599
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:R7jQrEONienBcFNBNieCyOBw0/kCcj+sEf24l+Q+u1LU4ljCj55ONipR41ssrNix:RjQJN1nBcFNBNlCyGcj+RXl+Q+u1LU4s
                                                                                                                  MD5:385E65EF723F1C4018EEE6E4E56BC03F
                                                                                                                  SHA1:0CEA195638A403FD99BAEF88A360BD746C21DF42
                                                                                                                  SHA-256:026C164BAE27DBB36A564888A796AA3F188AAD9E0C37176D48910395CF772CEA
                                                                                                                  SHA-512:E55167CB5638E04DF3543D57C8027B86B9483BFCAFA8E7C148EDED66454AEBF554B4C1CF3C33E93EC63D73E43800D6A6E7B9B1A1B0798B6BDB2F699D3989B052
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1674
                                                                                                                  Entropy (8bit):4.343724179386811
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:fcGjnU3UnGKD1GeU3pktOggV1tL2ggG7Q:f3jnDG1eUk0g6RLE
                                                                                                                  MD5:64077E3D186E585A8BEA86FF415AA19D
                                                                                                                  SHA1:73A861AC810DABB4CE63AD052E6E1834F8CA0E65
                                                                                                                  SHA-256:D147631B2334A25B8AA4519E4A30FB3A1A85B6A0396BC688C68DC124EC387D58
                                                                                                                  SHA-512:56DD389EB9DD335A6214E206B3BF5D63562584394D1DE1928B67D369E548477004146E6CB2AD19D291CB06564676E2B2AC078162356F6BC9278B04D29825EF0C
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1063
                                                                                                                  Entropy (8bit):4.853399816115876
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAowYuBPgoMC4AGehrgGm7tJ3ckwFrXnRs5m:GYsPgrCtGehkGc3cvXr
                                                                                                                  MD5:76B59AAACC7B469792694CF3855D3F4C
                                                                                                                  SHA1:7C04A2C1C808FA57057A4CCEEE66855251A3C231
                                                                                                                  SHA-256:B9066A162BEE00FD50DC48C71B32B69DFFA362A01F84B45698B017A624F46824
                                                                                                                  SHA-512:2E507CA6874DE8028DC769F3D9DFD9E5494C268432BA41B51568D56F7426F8A5F2E5B111DDD04259EB8D9A036BB4E3333863A8FC65AAB793BCEF39EDFE41403B
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "YEN. OLU.TUR".. },.. "explanationofflinedisabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Google Dok.manlar'. .nternet ba.lant.s. olmadan kullanmak i.in, .nternet'e ba.lanabildi.inizde Google Dok.manlar ana sayfas.nda Ayarlar'a gidin ve .evrimd... senkronizasyonu etkinle.tirin.".. },.. "explanationofflineenabled": {.. "message": ".nternet'e ba.l. de.ilsiniz. Ancak, yine de mevcut dosyalar. d.zenleyebilir veya yeni dosyalar olu.turabilirsiniz.".. },.. "extdesc": {.. "message": "Dok.man, e-tablo ve sunu olu.turun, bunlar. d.zenleyin ve g.r.nt.leyin. T.m bu i.lemleri internet eri.imi olmadan yapabilirsiniz.".. },.. "extname": {.. "message": "Google Dok.manlar .evrimd...".. },.. "learnmore": {.. "message": "Daha Fazla Bilgi".. },.. "popuphelptext": {.. "message": ".nternet ba.lant.n.z olsun veya olmas.n, nerede olursan.z olun yaz.n, d.zenl
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1333
                                                                                                                  Entropy (8bit):4.686760246306605
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAk9oxkm6H4KyGGB9GeGoxPEYMQhpARezTtHUN97zlwpEH7:VKU1GB9GeBc/OARETt+9/WCb
                                                                                                                  MD5:970963C25C2CEF16BB6F60952E103105
                                                                                                                  SHA1:BBDDACFEEE60E22FB1C130E1EE8EFDA75EA600AA
                                                                                                                  SHA-256:9FA26FF09F6ACDE2457ED366C0C4124B6CAC1435D0C4FD8A870A0C090417DA19
                                                                                                                  SHA-512:1BED9FE4D4ADEED3D0BC8258D9F2FD72C6A177C713C3B03FC6F5452B6D6C2CB2236C54EA972ECE7DBFD756733805EB2352CAE44BAB93AA8EA73BB80460349504
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1263
                                                                                                                  Entropy (8bit):4.861856182762435
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAl3zNEUhN3mNjkSIkmdNpInuUVsqNtOJDhY8Dvp/IkLzx:e3uUhQKvkmd+s11Lp1F
                                                                                                                  MD5:8B4DF6A9281333341C939C244DDB7648
                                                                                                                  SHA1:382C80CAD29BCF8AAF52D9A24CA5A6ECF1941C6B
                                                                                                                  SHA-256:5DA836224D0F3A96F1C5EB5063061AAD837CA9FC6FED15D19C66DA25CF56F8AC
                                                                                                                  SHA-512:FA1C015D4EA349F73468C78FDB798D462EEF0F73C1A762298798E19F825E968383B0A133E0A2CE3B3DF95F24C71992235BFC872C69DC98166B44D3183BF8A9E5
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1074
                                                                                                                  Entropy (8bit):5.062722522759407
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HAhBBLEBOVUSUfE+eDFmj4BLErQ7e2CIer32KIxqJ/HtNiE5nIGeU+KCVT:qHCDheDFmjDQgX32/S/hI9jh
                                                                                                                  MD5:773A3B9E708D052D6CBAA6D55C8A5438
                                                                                                                  SHA1:5617235844595D5C73961A2C0A4AC66D8EA5F90F
                                                                                                                  SHA-256:597C5F32BC999746BC5C2ED1E5115C523B7EB1D33F81B042203E1C1DF4BBCAFE
                                                                                                                  SHA-512:E5F906729E38B23F64D7F146FA48F3ABF6BAED9AAFC0E5F6FA59F369DC47829DBB4BFA94448580BD61A34E844241F590B8D7AEC7091861105D8EBB2590A3BEE9
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "createnew": {.. "message": "T.O M.I".. },.. "explanationofflinedisabled": {.. "message": "B.n .ang ngo.i tuy.n. .. s. d.ng Google T.i li.u m. kh.ng c.n k.t n.i Internet, .i ..n c.i ..t tr.n trang ch. c.a Google T.i li.u v. b.t ..ng b. h.a ngo.i tuy.n v.o l.n ti.p theo b.n ...c k.t n.i v.i m.ng Internet.".. },.. "explanationofflineenabled": {.. "message": "B.n .ang ngo.i tuy.n, tuy nhi.n b.n v.n c. th. ch.nh s.a c.c t.p c. s.n ho.c t.o c.c t.p m.i.".. },.. "extdesc": {.. "message": "Ch.nh s.a, t.o v. xem t.i li.u, b.ng t.nh v. b.n tr.nh b.y . t.t c. m. kh.ng c.n truy c.p Internet.".. },.. "extname": {.. "message": "Google T.i li.u ngo.i tuy.n".. },.. "learnmore": {.. "message": "Ti.m hi..u th.m".. },.. "popuphelptext": {.. "message": "Vi.t, ch.nh s.a v. c.ng t.c
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):879
                                                                                                                  Entropy (8bit):5.7905809868505544
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:1HASvgteHCBxNtSBXuetOrgIkA2OrWjMOCBxetSBXK01fg/SOiCSUEQ27e1CBhUj:1HAFsHtrIkA2jqldI/727eggcLk9pf
                                                                                                                  MD5:3E76788E17E62FB49FB5ED5F4E7A3DCE
                                                                                                                  SHA1:6904FFA0D13D45496F126E58C886C35366EFCC11
                                                                                                                  SHA-256:E72D0BB08CC3005556E95A498BD737E7783BB0E56DCC202E7D27A536616F5EE0
                                                                                                                  SHA-512:F431E570AB5973C54275C9EEF05E49E6FE2D6C17000F98D672DD31F9A1FAD98E0D50B5B0B9CF85D5BBD3B655B93FD69768C194C8C1688CB962AA75FF1AF9BDB6
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1205
                                                                                                                  Entropy (8bit):4.50367724745418
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:YWvqB0f7Cr591AhI9Ah8U1F4rw4wtB9G976d6BY9scKUrPoAhNehIrI/uIXS1:YWvl7Cr5JHrw7k7u6BY9trW+rHR
                                                                                                                  MD5:524E1B2A370D0E71342D05DDE3D3E774
                                                                                                                  SHA1:60D1F59714F9E8F90EF34138D33FBFF6DD39E85A
                                                                                                                  SHA-256:30F44CFAD052D73D86D12FA20CFC111563A3B2E4523B43F7D66D934BA8DACE91
                                                                                                                  SHA-512:D2225CF2FA94B01A7B0F70A933E1FDCF69CDF92F76C424CE4F9FCC86510C481C9A87A7B71F907C836CBB1CA41A8BEBBD08F68DBC90710984CA738D293F905272
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):843
                                                                                                                  Entropy (8bit):5.76581227215314
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:1HASvgmaCBxNtBtA24ZOuAeOEHGOCBxetBtMHQIJECSUnLRNocPNy6CBhU5OGg1O:1HAEfQkekYyLvRmcPGgzcL2kx5U
                                                                                                                  MD5:0E60627ACFD18F44D4DF469D8DCE6D30
                                                                                                                  SHA1:2BFCB0C3CA6B50D69AD5745FA692BAF0708DB4B5
                                                                                                                  SHA-256:F94C6DDEDF067642A1AF18D629778EC65E02B6097A8532B7E794502747AEB008
                                                                                                                  SHA-512:6FF517EED4381A61075AC7C8E80C73FAFAE7C0583BA4FA7F4951DD7DBE183C253702DEE44B3276EFC566F295DAC1592271BE5E0AC0C7D2C9F6062054418C7C27
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):912
                                                                                                                  Entropy (8bit):4.65963951143349
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:YlMBKqLnI7EgBLWFQbTQIF+j4h3OadMJzLWnCieqgwLeOvKrCRPE:YlMBKqjI7EQOQb0Pj4heOWqeyaBrMPE
                                                                                                                  MD5:71F916A64F98B6D1B5D1F62D297FDEC1
                                                                                                                  SHA1:9386E8F723C3F42DA5B3F7E0B9970D2664EA0BAA
                                                                                                                  SHA-256:EC78DDD4CCF32B5D76EC701A20167C3FBD146D79A505E4FB0421FC1E5CF4AA63
                                                                                                                  SHA-512:30FA4E02120AF1BE6E7CC7DBB15FAE5D50825BD6B3CF28EF21D2F2E217B14AF5B76CFCC165685C3EDC1D09536BFCB10CA07E1E2CC0DA891CEC05E19394AD7144
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"createnew":{"message":"DALA ENTSHA"},"explanationofflinedisabled":{"message":"Awuxhunyiwe ku-inthanethi. Ukuze usebenzise i-Google Amadokhumenti ngaphandle koxhumano lwe-inthanethi, iya kokuthi izilungiselelo ekhasini lasekhaya le-Google Amadokhumenti bese uvula ukuvumelanisa okungaxhunyiwe ku-inthanethi ngesikhathi esilandelayo lapho uxhunywe ku-inthanethi."},"explanationofflineenabled":{"message":"Awuxhunyiwe ku-inthanethi, kodwa usangakwazi ukuhlela amafayela atholakalayo noma udale amasha."},"extdesc":{"message":"Hlela, dala, futhi ubuke amadokhumenti akho, amaspredishithi, namaphrezentheshini \u2014 konke ngaphandle kokufinyelela kwe-inthanethi."},"extname":{"message":"I-Google Amadokhumenti engaxhumekile ku-intanethi"},"learnmore":{"message":"Funda kabanzi"},"popuphelptext":{"message":"Bhala, hlela, futhi hlanganyela noma yikuphi lapho okhona, unalo noma ungenalo uxhumano lwe-inthanethi."}}.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):11280
                                                                                                                  Entropy (8bit):5.754230909218899
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:RBG1G1UPkUj/86Op//Ier/2nsN9Jtwg1MK8HNnswuHEIIMuuqd7CKqv+pccW5SJ+:m8IGIEu8RfW+
                                                                                                                  MD5:BE5DB35513DDEF454CE3502B6418B9B4
                                                                                                                  SHA1:C82B23A82F745705AA6BCBBEFEB6CE3DBCC71CB1
                                                                                                                  SHA-256:C6F623BE1112C2FDE6BE8941848A82B2292FCD2B475FBD363CC2FD4DF25049B5
                                                                                                                  SHA-512:38C48E67631FAF0594D44525423C6EDC08F5A65F04288F0569B7CF8C71C359924069212462B0A2BFA38356F93708143EE1CBD42295D7317E8670D0A0CD10BAFD
                                                                                                                  Malicious:false
                                                                                                                  Preview:[{"description":"treehash per file","signed_content":{"payload":"
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):854
                                                                                                                  Entropy (8bit):4.284628987131403
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12:ont+QByTwnnGNcMbyWM+Q9TZldnnnGGxlF/S0WOtUL0M0r:vOrGe4dDCVGOjWJ0nr
                                                                                                                  MD5:4EC1DF2DA46182103D2FFC3B92D20CA5
                                                                                                                  SHA1:FB9D1BA3710CF31A87165317C6EDC110E98994CE
                                                                                                                  SHA-256:6C69CE0FE6FAB14F1990A320D704FEE362C175C00EB6C9224AA6F41108918CA6
                                                                                                                  SHA-512:939D81E6A82B10FF73A35C931052D8D53D42D915E526665079EEB4820DF4D70F1C6AEBAB70B59519A0014A48514833FEFD687D5A3ED1B06482223A168292105D
                                                                                                                  Malicious:false
                                                                                                                  Preview:{. "type": "object",. "properties": {. "allowedDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Allow users to enable Docs offline for the specified managed domains.",. "description": "Users on managed devices will be able to enable docs offline if they are part of the specified managed domains.". },. "autoEnabledDocsOfflineDomains": {. "type": "array",. "items": {. "type": "string". },. "title": "Auto enable Docs offline for the specified managed domains in certain eligible situations.",. "description": "Users on managed devices, in certain eligible situations, will be able to automatically access and edit recent files offline for the managed domains set in this property. They can still disable it from Drive settings.". }. }.}.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):2525
                                                                                                                  Entropy (8bit):5.417689528134667
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:1HEZ4WPoolELb/KxktGw3VwELb/4iL2QDkUpvdz1xxy/Atj1e9yiVvQe:WdP5aLTKQGwlTLT4oRvvxs/APegiVb
                                                                                                                  MD5:10FF8E5B674311683D27CE1879384954
                                                                                                                  SHA1:9C269C14E067BB86642EB9F4816D75CF1B9B9158
                                                                                                                  SHA-256:17363162A321625358255EE939F447E9363FF2284BD35AE15470FD5318132CA9
                                                                                                                  SHA-512:4D3EB89D398A595FEA8B59AC6269A57CC96C4A0E5A5DB8C5FE70AB762E8144A5DF9AFC8756CA2E798E50778CD817CC9B0826FC2942DE31397E858DBFA1B06830
                                                                                                                  Malicious:false
                                                                                                                  Preview:{.. "author": {.. "email": "docs-hosted-app-own@google.com".. },.. "background": {.. "service_worker": "service_worker_bin_prod.js".. },.. "content_capabilities": {.. "matches": [ "https://docs.google.com/*", "https://drive.google.com/*", "https://drive-autopush.corp.google.com/*", "https://drive-daily-0.corp.google.com/*", "https://drive-daily-1.corp.google.com/*", "https://drive-daily-2.corp.google.com/*", "https://drive-daily-3.corp.google.com/*", "https://drive-daily-4.corp.google.com/*", "https://drive-daily-5.corp.google.com/*", "https://drive-daily-6.corp.google.com/*", "https://drive-preprod.corp.google.com/*", "https://drive-staging.corp.google.com/*" ],.. "permissions": [ "clipboardRead", "clipboardWrite", "unlimitedStorage" ].. },.. "content_security_policy": {.. "extension_pages": "script-src 'self'; object-src 'self'".. },.. "default_locale": "en_US",.. "description": "__MSG_extDesc__",.. "externally_connectable": {.. "ma
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:HTML document, ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):97
                                                                                                                  Entropy (8bit):4.862433271815736
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:PouV7uJL5XL/oGLvLAAJR90bZNGXIL0Hac4NGb:hxuJL5XsOv0EmNV4HX4Qb
                                                                                                                  MD5:B747B5922A0BC74BBF0A9BC59DF7685F
                                                                                                                  SHA1:7BF124B0BE8EE2CFCD2506C1C6FFC74D1650108C
                                                                                                                  SHA-256:B9FA2D52A4FFABB438B56184131B893B04655B01F336066415D4FE839EFE64E7
                                                                                                                  SHA-512:7567761BE4054FCB31885E16D119CD4E419A423FFB83C3B3ED80BFBF64E78A73C2E97AAE4E24AB25486CD1E43877842DB0836DB58FBFBCEF495BC53F9B2A20EC
                                                                                                                  Malicious:false
                                                                                                                  Preview:<!DOCTYPE html>.<html>.<body>. <script src="offscreendocument_main.js"></script>.</body>.</html>
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text, with very long lines (4369)
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):95567
                                                                                                                  Entropy (8bit):5.4016395763198135
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:Ftd/mjDC/Hass/jCKLwPOPO2MCeYHxU2/NjAGHChg3JOzZ8:YfjCKdHm2/NbHCIJo8
                                                                                                                  MD5:09AF2D8CFA8BF1078101DA78D09C4174
                                                                                                                  SHA1:F2369551E2CDD86258062BEB0729EE4D93FCA050
                                                                                                                  SHA-256:39D113C44D45AE3609B9509ED099680CC5FCEF182FD9745B303A76E164D8BCEC
                                                                                                                  SHA-512:F791434B053FA2A5B731C60F22A4579F19FE741134EF0146E8BAC7DECAC78DE65915B3188093DBBE00F389A7F15B80172053FABB64E636DD4A945DBE3C2CF2E6
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):291
                                                                                                                  Entropy (8bit):4.65176400421739
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:6:2LGX86tj66rU8j6D3bWq2un/XBtzHrH9Mnj63LK603:2Q8KVqb2u/Rt3Onj1
                                                                                                                  MD5:3AB0CD0F493B1B185B42AD38AE2DD572
                                                                                                                  SHA1:079B79C2ED6F67B5A5BD9BC8C85801F96B1B0F4B
                                                                                                                  SHA-256:73E3888CCBC8E0425C3D2F8D1E6A7211F7910800EEDE7B1E23AD43D3B21173F7
                                                                                                                  SHA-512:32F9DB54654F29F39D49F7A24A1FC800DBC0D4A8A1BAB2369C6F9799BC6ADE54962EFF6010EF6D6419AE51D5B53EC4B26B6E2CDD98DEF7CC0D2ADC3A865F37D3
                                                                                                                  Malicious:false
                                                                                                                  Preview:(function(){window._docs_chrome_extension_exists=!0;window._docs_chrome_extension_features_version=2;window._docs_chrome_extension_permissions="alarms clipboardRead clipboardWrite storage unlimitedStorage offscreen".split(" ");window._docs_chrome_extension_manifest_version=3;}).call(this);.
                                                                                                                  Process:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  File Type:ASCII text, with very long lines (4369)
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):103988
                                                                                                                  Entropy (8bit):5.389407461078688
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:1536:oXWJmOMsz9UqqRtjWLqj74SJf2VsxJ5BGOzr61SfwKmWGMJOaAFlObQ/x0BGm:yRqr6v3JnVzr6wwfMtkFSYm
                                                                                                                  MD5:EA946F110850F17E637B15CF22B82837
                                                                                                                  SHA1:8D27C963E76E3D2F5B8634EE66706F95F000FCAF
                                                                                                                  SHA-256:029DFE87536E8907A612900B26EEAA72C63EDF28458A7227B295AE6D4E2BD94C
                                                                                                                  SHA-512:5E8E61E648740FEF2E89A035A4349B2E4E5E4E88150EE1BDA9D4AD8D75827DC67C1C95A2CA41DF5B89DE8F575714E1A4D23BDE2DC3CF21D55DB3A39907B8F820
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):453023
                                                                                                                  Entropy (8bit):7.997718157581587
                                                                                                                  Encrypted:true
                                                                                                                  SSDEEP:12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
                                                                                                                  MD5:85430BAED3398695717B0263807CF97C
                                                                                                                  SHA1:FFFBEE923CEA216F50FCE5D54219A188A5100F41
                                                                                                                  SHA-256:A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
                                                                                                                  SHA-512:06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):3621
                                                                                                                  Entropy (8bit):4.925413596827269
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:YnSwkmrOVPUFRbOdwNIOdoWLEWLtkDZuwpx5FBvipA6kb92the6LuhakN6gY9HeF:8S+OVPUFRbOdwNIOdYpjvY1Q6LUY1L8P
                                                                                                                  MD5:AA2AE9E899531739FF0DD8E59040B734
                                                                                                                  SHA1:4B10F778D4EF13B868CC139F6D00D3E003EB3A69
                                                                                                                  SHA-256:995C70243993CA11B8BEF65E0CE73DC73D738C69BC397ECEF0406A0F6BE5926A
                                                                                                                  SHA-512:9814C06DEF2201159CC45DE1839521C643077E87B62E6F88B232CF0CFA568D89C1C7BD1E630755F2DDD8CE7A30648B7F46DC77A608A11CBD50BDC812F7D09A17
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"3ba649bc-be47-4b92-8762-21cab57bda3b","experimentType":"rollout","source":"rs-loader","userFacingName":"CSV Import (Release Rollout)","userFacingDescription":"This rollout enables users to import logins from a CSV file from the about:logins page.","lastSeen":"2023-10-04T13:40:33.697Z","featureIds":["cm-csv-import"],"prefs":[{"name":"signon.management.page.fileImport.enabled","branch":"default","featureId":"cm-csv-import","variable":"csvImport","originalValue":false}],"isRollout":true},"serp-ad-telemetry-rollout":{"slug":"serp-ad-telemetry-rollout","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pr
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:Mozilla lz4 compressed data, originally 22422 bytes
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):5308
                                                                                                                  Entropy (8bit):6.599374203470186
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6Uhm:zTx2x2t0FDJ4NpkuvjdeplTMohm
                                                                                                                  MD5:EB56C2F4DA9435F3D5574161F414CD17
                                                                                                                  SHA1:74A8FC3EC0559740FD9D835B638354985E2DEAB6
                                                                                                                  SHA-256:394E803D5FF8E156DFA7D15E96B51A683F4624A1BCF88EAA532399AC2C9B0966
                                                                                                                  SHA-512:DF90568D191C757392FB85BDDA5333C7FE7E3BB370C5DE8C50DD810B938D732E39B5608FB4494CAADAE99E1601989FDFC0FEBDCF70F27FFE581F904170A81E0F
                                                                                                                  Malicious:false
                                                                                                                  Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):24
                                                                                                                  Entropy (8bit):3.91829583405449
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                  MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                  SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                  SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                  SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"schema":6,"addons":[]}
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 4
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):262144
                                                                                                                  Entropy (8bit):0.04905141882491872
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:DLSvwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:DKwae+QtMImelekKDa5
                                                                                                                  MD5:8736A542C5564A922C47B19D9CC5E0F2
                                                                                                                  SHA1:CE9D58967DA9B5356D6C1D8A482F9CE74DA9097A
                                                                                                                  SHA-256:97CE5D8AFBB0AA610219C4FAC3927E32C91BFFD9FD971AF68C718E7B27E40077
                                                                                                                  SHA-512:99777325893DC7A95FD49B2DA18D32D65F97CC7A8E482D78EDC32F63245457FA5A52750800C074D552D20B6A215604161FDC88763D93C76A8703470C3064196B
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:Mozilla lz4 compressed data, originally 56 bytes
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):66
                                                                                                                  Entropy (8bit):4.837595020998689
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
                                                                                                                  MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
                                                                                                                  SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
                                                                                                                  SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
                                                                                                                  SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
                                                                                                                  Malicious:false
                                                                                                                  Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):36830
                                                                                                                  Entropy (8bit):5.1867463390487
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:768:JI4avfWX94O6L4x4ME454N4ohvM4T4Pia4T4I4t54U:JI4KvG
                                                                                                                  MD5:98875950B62B398FFE70C0A8D0998017
                                                                                                                  SHA1:CFCFFF938402E53D341FE392E25D2E6C557E548F
                                                                                                                  SHA-256:1B445C7E12712026D4E663426527CE58FD221D2E26545AEA699E67D60F16E7F0
                                                                                                                  SHA-512:728FF6FF915A45B44D720F41F9545F41F1BF5FB218D58073BD27DB19145D2225488988BE80FB0F712922D7B661E1A64448E3F71F09A1480B6F20BD2480888ABF
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{7a5650ac-9a89-4807-a040-9f0832bf39a9}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):32768
                                                                                                                  Entropy (8bit):0.017262956703125623
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
                                                                                                                  MD5:B7C14EC6110FA820CA6B65F5AEC85911
                                                                                                                  SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
                                                                                                                  SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
                                                                                                                  SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1021904
                                                                                                                  Entropy (8bit):6.648417932394748
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                  MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                  SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                  SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                  SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                  Malicious:false
                                                                                                                  Antivirus:
                                                                                                                  • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                  Joe Sandbox View:
                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                  • Filename: pud8g3zixE.exe, Detection: malicious, Browse
                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                  • Filename: file.exe, Detection: malicious, Browse
                                                                                                                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:ASCII text
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):116
                                                                                                                  Entropy (8bit):4.968220104601006
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                  MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                  SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                  SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                  SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                  Malicious:false
                                                                                                                  Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):32768
                                                                                                                  Entropy (8bit):0.035455806264726504
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:GtlstF4FysoyCwS1lstF4FysoyCwBJ89//alEl:GtWt6MBMS1Wt6MBMv89XuM
                                                                                                                  MD5:430F320A1C8B41FFA929FB837137CD80
                                                                                                                  SHA1:16DC8A10B46B17ED0BB23852DDCC9D4EA2959894
                                                                                                                  SHA-256:44AADC0BF83077C500102929D1A3A360E79A819AD4CBB6C3D3A47F156B5E7184
                                                                                                                  SHA-512:46FA6E5D3DD92AA4DB595DF0F3AAAC2DC0DF7D2BF97A8E969108361219AA751637BABB7365167DF4625BEB84CA1991EEBE827C70872184EC2A071428E83CC13D
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:SQLite Write-Ahead Log, version 3007000
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):32824
                                                                                                                  Entropy (8bit):0.03966846607874129
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:Ol1isRz/y1Zi+LLl8rEXsxdwhml8XW3R2:KJZ/mZLfl8dMhm93w
                                                                                                                  MD5:20643499D296279B46DDFF631C88A1B6
                                                                                                                  SHA1:F464D8E4C609E6D064A1FE800A540C76AFBC9BF9
                                                                                                                  SHA-256:425832DDB3ED63201139F36F155353FDA48E8655E5712734B4301866C5B1A7DD
                                                                                                                  SHA-512:A14361B6FA034200333F012F36FDC19726C2FD8374763CF7F7EDF12CF400FA3F73E3130CDF9BCBA52EA3347EBDFEC3ADCC1CFB6B89B1452184F0AEBA6E5949DD
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                  Category:modified
                                                                                                                  Size (bytes):13187
                                                                                                                  Entropy (8bit):5.47812037878794
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:knPOeRnLYbBp6zJ0aX+i6SEXK5sN3dO5RHWNBw8dkSl:GDeWJUZk8NmHEwr0
                                                                                                                  MD5:610D5E31837A3689B3B52D445B38D5BA
                                                                                                                  SHA1:5ED91E309D1B2CF8F3D6CFDA12050DAB0F169E95
                                                                                                                  SHA-256:4F79693C5C13933EA4D199DAFB1611372FC01B998C82EF2053F10BD4F22F0435
                                                                                                                  SHA-512:8699D5F29A4FDFF6E097A97D78DA379EB6A85C69C169591E77DAD46C80C5C3566C31295E998D83F495CB21F20AF2BD15E9994D06B974AD37B96D7DA1FDA08A73
                                                                                                                  Malicious:false
                                                                                                                  Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725627888);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725627888);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1725627888);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 172562
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:ASCII text, with very long lines (1743), with CRLF line terminators
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):13187
                                                                                                                  Entropy (8bit):5.47812037878794
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:192:knPOeRnLYbBp6zJ0aX+i6SEXK5sN3dO5RHWNBw8dkSl:GDeWJUZk8NmHEwr0
                                                                                                                  MD5:610D5E31837A3689B3B52D445B38D5BA
                                                                                                                  SHA1:5ED91E309D1B2CF8F3D6CFDA12050DAB0F169E95
                                                                                                                  SHA-256:4F79693C5C13933EA4D199DAFB1611372FC01B998C82EF2053F10BD4F22F0435
                                                                                                                  SHA-512:8699D5F29A4FDFF6E097A97D78DA379EB6A85C69C169591E77DAD46C80C5C3566C31295E998D83F495CB21F20AF2BD15E9994D06B974AD37B96D7DA1FDA08A73
                                                                                                                  Malicious:false
                                                                                                                  Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1725627888);..user_pref("app.update.lastUpdateTime.background-update-timer", 1725627888);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1725627888);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 172562
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 4
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):65536
                                                                                                                  Entropy (8bit):0.04062825861060003
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:lSGBl/l/zl9l/AltllPltlnKollzvulJOlzALRWemFxu7TuRjBFbrl58lcV+wgn8:ltBl/lqN1K4BEJYqWvLue3FMOrMZ0l
                                                                                                                  MD5:60C09456D6362C6FBED48C69AA342C3C
                                                                                                                  SHA1:58B6E22DAA48C75958B429F662DEC1C011AE74D3
                                                                                                                  SHA-256:FE1A432A2CD096B7EEA870D46D07F5197E34B4D10666E6E1C357FAA3F2FE2389
                                                                                                                  SHA-512:936DBC887276EF07732783B50EAFE450A8598B0492B8F6C838B337EF3E8A6EA595E7C7A2FA4B3E881887FAAE2D207B953A4C65ED8C964D93118E00D3E03882BD
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):90
                                                                                                                  Entropy (8bit):4.194538242412464
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
                                                                                                                  MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
                                                                                                                  SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
                                                                                                                  SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
                                                                                                                  SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:Mozilla lz4 compressed data, originally 5952 bytes
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):1567
                                                                                                                  Entropy (8bit):6.334807928079669
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:48:wKpR5SHzeUj0ExFyXgIrj0u2VN0Q+VBtp:wiQVbyw22A/j
                                                                                                                  MD5:B5A2CF32AB61EB8CFBD6581C58616A31
                                                                                                                  SHA1:6D35EEF8D017E3C0B0A6B6FAEE4AD372E1B8805F
                                                                                                                  SHA-256:75B35123A25CA1CF3B9B50366747C166088BA5975474BB55266CBE71D38048E8
                                                                                                                  SHA-512:BC6E2C94FAE33D320495E44DBC9FBBE91BC909B348453B91BA2A1F4063CD275C990E618485507766D70CB5FD24657259F71F198FB38DCB9B89BCB60A9E16C06D
                                                                                                                  Malicious:false
                                                                                                                  Preview:mozLz40.@.....{"version":["ses....restore",1],"windows":[{"tab..bentrie...!url":"https://accounts.google.com/ServiceLogin?s...=)...ettings&continue=J....v3/signin/challenge/pwd","title..p..cacheKey":0,"ID":5,"docshellUU...D"{08045127-b7e6-4a1c-8a0a-ff669944b559}","resultPrincipalURI":null,"hasUserInteract....false,"triggering9.p_base64{..\"3\":{}_..6docIdentifier":6,"persist":true}],"lastAccessed":1725627892845,"hiddey..searchMode...userContextId...attribut;..{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedT..@],"_...C..`GroupC...":-1,"busy...t...Flags":2150633470....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace:...98952893-68ff-4a5d-a164-705c709ed3db","zD..1...W...l...........:....1":{..mUpdate...startTim..A5791...centCrash..B0},".....Dcook1. hoc..."addons.mozilla.org","valu...'b03116d8508741e1c0453eca6046028f71c7c2b904be5e0a0d4686...b1764f","pa..p"/","na..a"taarI|.Recure...,..Donly..fexpiry...6
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4096
                                                                                                                  Entropy (8bit):2.0836444556178684
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                  MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                  SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                  SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                  SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                  Malicious:false
                                                                                                                  Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  File Type:JSON data
                                                                                                                  Category:dropped
                                                                                                                  Size (bytes):4537
                                                                                                                  Entropy (8bit):5.029971374046829
                                                                                                                  Encrypted:false
                                                                                                                  SSDEEP:96:ycqoMTEr5/lLmI2Ac1zzcxvbw6Kkgrc2Rn27:kBTEr5NX0z3DhRe
                                                                                                                  MD5:CA5843CA07B0DE07BC96B3B46D87D8F4
                                                                                                                  SHA1:3B590BB8470A7DAB726B28A45FA661A723FBA01A
                                                                                                                  SHA-256:5F835FE7D463439D2653AB0248BBEF642079174252BCCAF5E8AA25B71860DA4E
                                                                                                                  SHA-512:A5D33672258E7D35FD0673B095C727A270B9D1CE8C5AC5737DBF67B87B66CFA29AB4D511844FEF19DD39CA0F9BCEEFEF2C01BF7BE6BD0E2B33452ED0E366E347
                                                                                                                  Malicious:false
                                                                                                                  Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-09-06T13:04:33.898Z","profileAgeCreated":1696426830133,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
                                                                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                  Entropy (8bit):6.579597029889794
                                                                                                                  TrID:
                                                                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                  File name:file.exe
                                                                                                                  File size:917'504 bytes
                                                                                                                  MD5:11bd4625b4c8f650d10bc4d758dc2f2d
                                                                                                                  SHA1:07f5cf0a5dc7138c3d1d482e6b7fee6bc81915f8
                                                                                                                  SHA256:7db1c1f1392f84b88a5100af4042abfd72ee3a7708c67155ad3c6082b7cbd6f4
                                                                                                                  SHA512:070eeb0b6e43654074a8f680f4adba2a4637a72591aeffa9cba1697668d8db82639313e4f8aaeb00341c0e6abc08ddade15e58afce7eb083c5d567d3e80ce839
                                                                                                                  SSDEEP:12288:aqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTz:aqDEvCTbMWu7rQYlBQcBiT6rprG8avz
                                                                                                                  TLSH:24159E0273D1C062FFAB92334B5AF6515BBC69260123E61F13981DB9BE701B1563E7A3
                                                                                                                  File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
                                                                                                                  Icon Hash:aaf3e3e3938382a0
                                                                                                                  Entrypoint:0x420577
                                                                                                                  Entrypoint Section:.text
                                                                                                                  Digitally signed:false
                                                                                                                  Imagebase:0x400000
                                                                                                                  Subsystem:windows gui
                                                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                  DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                  Time Stamp:0x66DADF9B [Fri Sep 6 10:55:23 2024 UTC]
                                                                                                                  TLS Callbacks:
                                                                                                                  CLR (.Net) Version:
                                                                                                                  OS Version Major:5
                                                                                                                  OS Version Minor:1
                                                                                                                  File Version Major:5
                                                                                                                  File Version Minor:1
                                                                                                                  Subsystem Version Major:5
                                                                                                                  Subsystem Version Minor:1
                                                                                                                  Import Hash:948cc502fe9226992dce9417f952fce3
                                                                                                                  Instruction
                                                                                                                  call 00007F3CC0F2A353h
                                                                                                                  jmp 00007F3CC0F29C5Fh
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  push esi
                                                                                                                  push dword ptr [ebp+08h]
                                                                                                                  mov esi, ecx
                                                                                                                  call 00007F3CC0F29E3Dh
                                                                                                                  mov dword ptr [esi], 0049FDF0h
                                                                                                                  mov eax, esi
                                                                                                                  pop esi
                                                                                                                  pop ebp
                                                                                                                  retn 0004h
                                                                                                                  and dword ptr [ecx+04h], 00000000h
                                                                                                                  mov eax, ecx
                                                                                                                  and dword ptr [ecx+08h], 00000000h
                                                                                                                  mov dword ptr [ecx+04h], 0049FDF8h
                                                                                                                  mov dword ptr [ecx], 0049FDF0h
                                                                                                                  ret
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  push esi
                                                                                                                  push dword ptr [ebp+08h]
                                                                                                                  mov esi, ecx
                                                                                                                  call 00007F3CC0F29E0Ah
                                                                                                                  mov dword ptr [esi], 0049FE0Ch
                                                                                                                  mov eax, esi
                                                                                                                  pop esi
                                                                                                                  pop ebp
                                                                                                                  retn 0004h
                                                                                                                  and dword ptr [ecx+04h], 00000000h
                                                                                                                  mov eax, ecx
                                                                                                                  and dword ptr [ecx+08h], 00000000h
                                                                                                                  mov dword ptr [ecx+04h], 0049FE14h
                                                                                                                  mov dword ptr [ecx], 0049FE0Ch
                                                                                                                  ret
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  push esi
                                                                                                                  mov esi, ecx
                                                                                                                  lea eax, dword ptr [esi+04h]
                                                                                                                  mov dword ptr [esi], 0049FDD0h
                                                                                                                  and dword ptr [eax], 00000000h
                                                                                                                  and dword ptr [eax+04h], 00000000h
                                                                                                                  push eax
                                                                                                                  mov eax, dword ptr [ebp+08h]
                                                                                                                  add eax, 04h
                                                                                                                  push eax
                                                                                                                  call 00007F3CC0F2C9FDh
                                                                                                                  pop ecx
                                                                                                                  pop ecx
                                                                                                                  mov eax, esi
                                                                                                                  pop esi
                                                                                                                  pop ebp
                                                                                                                  retn 0004h
                                                                                                                  lea eax, dword ptr [ecx+04h]
                                                                                                                  mov dword ptr [ecx], 0049FDD0h
                                                                                                                  push eax
                                                                                                                  call 00007F3CC0F2CA48h
                                                                                                                  pop ecx
                                                                                                                  ret
                                                                                                                  push ebp
                                                                                                                  mov ebp, esp
                                                                                                                  push esi
                                                                                                                  mov esi, ecx
                                                                                                                  lea eax, dword ptr [esi+04h]
                                                                                                                  mov dword ptr [esi], 0049FDD0h
                                                                                                                  push eax
                                                                                                                  call 00007F3CC0F2CA31h
                                                                                                                  test byte ptr [ebp+08h], 00000001h
                                                                                                                  pop ecx
                                                                                                                  Programming Language:
                                                                                                                  • [ C ] VS2008 SP1 build 30729
                                                                                                                  • [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x9500 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xde000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x9500 | 0x9600 | 19c7c899f3958d320e7679f341612d58 | False | 0.2811197916666667 | data | 5.16180608598423 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xde000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd46d0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd47f8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4920 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c08 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d30 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5bd8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd6480 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd69e8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8f90 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda038 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4a0 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xda4f0 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdaa84 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb110 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb5a0 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbb9c | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc1f8 | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc660 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc7b8 | 0x7c6 | data |  |  | 1.0055276381909548
RT_GROUP_ICON | 0xdcf80 | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xdcff8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xdd00c | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xdd020 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xdd034 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xdd110 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
                                                                                                                  OLEAUT32.dllCreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                  Sep 6, 2024 13:54:10.386701107 CEST44349734162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.387630939 CEST49736443192.168.2.5172.64.41.3
                                                                                                                  Sep 6, 2024 13:54:10.387639046 CEST44349736172.64.41.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.391793966 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.398159981 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.398201942 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.403760910 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.403769016 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.404575109 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.405690908 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.405697107 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.410937071 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.416801929 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.416831017 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.420538902 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.420547962 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.420567036 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.435044050 CEST44349736172.64.41.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.437889099 CEST49736443192.168.2.5172.64.41.3
                                                                                                                  Sep 6, 2024 13:54:10.438288927 CEST49736443192.168.2.5172.64.41.3
                                                                                                                  Sep 6, 2024 13:54:10.438307047 CEST44349736172.64.41.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.468805075 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.468879938 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.468905926 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.473264933 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.473297119 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.479449034 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.479590893 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.483179092 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.483191013 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.485683918 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.491977930 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.492008924 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.497863054 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.497872114 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.498274088 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.504008055 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.504487991 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.504492044 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.504573107 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.506547928 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.506553888 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.508594036 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.510761976 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.516529083 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.516630888 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.520503998 CEST4434973735.190.72.216192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.522094965 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.522144079 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.527856112 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.527868986 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.528469086 CEST49737443192.168.2.535.190.72.216
                                                                                                                  Sep 6, 2024 13:54:10.528501034 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.532140017 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.539715052 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.539757967 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.540170908 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.540208101 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.541543961 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.541551113 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.542088985 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.544749975 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.550192118 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.550276995 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.552994013 CEST44349730184.28.90.27192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.553041935 CEST44349730184.28.90.27192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.554882050 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.559619904 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.559626102 CEST49730443192.168.2.5184.28.90.27
                                                                                                                  Sep 6, 2024 13:54:10.559628010 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.559777021 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.559809923 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.560538054 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.560544968 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.562763929 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.562793970 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.562799931 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.566454887 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.566885948 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.566891909 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.567723036 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.569963932 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.573476076 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.573532104 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.577418089 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.577455997 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.577599049 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.577606916 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.582319021 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.585747957 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.585798025 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.587739944 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.587768078 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.591171026 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.591222048 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.593672037 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.593681097 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.594744921 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.597903013 CEST804974334.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.598190069 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.598232031 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.601767063 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.601926088 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.602543116 CEST4434974234.117.188.166192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.605429888 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.605693102 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.605705976 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.608860970 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.608932972 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.611222029 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.611228943 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.611251116 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.612330914 CEST4434970323.1.237.91192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.612893105 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.613038063 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.613049984 CEST49742443192.168.2.534.117.188.166
                                                                                                                  Sep 6, 2024 13:54:10.615858078 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.615907907 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.617240906 CEST49742443192.168.2.534.117.188.166
                                                                                                                  Sep 6, 2024 13:54:10.617254972 CEST4434974234.117.188.166192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.617342949 CEST49742443192.168.2.534.117.188.166
                                                                                                                  Sep 6, 2024 13:54:10.617490053 CEST4434974234.117.188.166192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.617714882 CEST49749443192.168.2.534.117.188.166
                                                                                                                  Sep 6, 2024 13:54:10.617739916 CEST4434974934.117.188.166192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.618906975 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.618915081 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.618963957 CEST49703443192.168.2.523.1.237.91
                                                                                                                  Sep 6, 2024 13:54:10.619879007 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.619904995 CEST49742443192.168.2.534.117.188.166
                                                                                                                  Sep 6, 2024 13:54:10.619935036 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.619942904 CEST49749443192.168.2.534.117.188.166
                                                                                                                  Sep 6, 2024 13:54:10.621748924 CEST49749443192.168.2.534.117.188.166
                                                                                                                  Sep 6, 2024 13:54:10.621759892 CEST4434974934.117.188.166192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.623404980 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.629967928 CEST49730443192.168.2.5184.28.90.27
                                                                                                                  Sep 6, 2024 13:54:10.629983902 CEST44349730184.28.90.27192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.629993916 CEST49730443192.168.2.5184.28.90.27
                                                                                                                  Sep 6, 2024 13:54:10.630000114 CEST44349730184.28.90.27192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.630422115 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.630606890 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.630636930 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.630667925 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.630697012 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.631172895 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.632873058 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.632920027 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.636038065 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.636076927 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.636110067 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.639096022 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.639139891 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:10.640588999 CEST49727443192.168.2.5142.250.185.225
                                                                                                                  Sep 6, 2024 13:54:10.640602112 CEST44349727142.250.185.225192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.480045080 CEST4434975934.160.144.191192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.480345964 CEST49769443192.168.2.534.160.144.191
                                                                                                                  Sep 6, 2024 13:54:12.480386019 CEST4434976934.160.144.191192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.481291056 CEST49760443192.168.2.534.117.188.166
                                                                                                                  Sep 6, 2024 13:54:12.481302977 CEST4434976034.117.188.166192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.481380939 CEST49760443192.168.2.534.117.188.166
                                                                                                                  Sep 6, 2024 13:54:12.481544018 CEST4434976034.117.188.166192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.481719971 CEST49770443192.168.2.534.117.188.166
                                                                                                                  Sep 6, 2024 13:54:12.481729984 CEST4434977034.117.188.166192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.485553980 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:12.485572100 CEST49759443192.168.2.534.160.144.191
                                                                                                                  Sep 6, 2024 13:54:12.492702007 CEST49759443192.168.2.534.160.144.191
                                                                                                                  Sep 6, 2024 13:54:12.492754936 CEST49760443192.168.2.534.117.188.166
                                                                                                                  Sep 6, 2024 13:54:12.492793083 CEST49769443192.168.2.534.160.144.191
                                                                                                                  Sep 6, 2024 13:54:12.492793083 CEST49770443192.168.2.534.117.188.166
                                                                                                                  Sep 6, 2024 13:54:12.493016958 CEST49769443192.168.2.534.160.144.191
                                                                                                                  Sep 6, 2024 13:54:12.493025064 CEST4434976934.160.144.191192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.494429111 CEST49770443192.168.2.534.117.188.166
                                                                                                                  Sep 6, 2024 13:54:12.494446039 CEST4434977034.117.188.166192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.500504017 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.601721048 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.601768970 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.601928949 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.602159977 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.602252960 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.603933096 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.604166031 CEST49763443192.168.2.5142.250.176.206
                                                                                                                  Sep 6, 2024 13:54:12.604187012 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.604196072 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.604226112 CEST49763443192.168.2.5142.250.176.206
                                                                                                                  Sep 6, 2024 13:54:12.604266882 CEST49763443192.168.2.5142.250.176.206
                                                                                                                  Sep 6, 2024 13:54:12.658436060 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.668775082 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.668786049 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.669893980 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.671739101 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.672764063 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.672826052 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.672899961 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.688431978 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.688468933 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.688508034 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.688540936 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.688574076 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.688760996 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.688952923 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.689011097 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.689040899 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.689069986 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.689640045 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.698538065 CEST49763443192.168.2.5142.250.176.206
                                                                                                                  Sep 6, 2024 13:54:12.713412046 CEST49763443192.168.2.5142.250.176.206
                                                                                                                  Sep 6, 2024 13:54:12.714241982 CEST49763443192.168.2.5142.250.176.206
                                                                                                                  Sep 6, 2024 13:54:12.714253902 CEST44349763142.250.176.206192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.720504045 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.776757002 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.776782990 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.788899899 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.788914919 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.788945913 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.804460049 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.805865049 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.826332092 CEST44349767162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.841480017 CEST49767443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.841494083 CEST44349767162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.841850996 CEST44349767162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.848268032 CEST44349768162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.858380079 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.858390093 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.858407974 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.858417988 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.858424902 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.858438015 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.860884905 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.860892057 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.860905886 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.860922098 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.860929966 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.860940933 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.862819910 CEST49768443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.862828016 CEST44349768162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.863404036 CEST44349768162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.872190952 CEST49767443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.872268915 CEST44349767162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.872994900 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.873007059 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.882782936 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.882968903 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.883239031 CEST49768443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.883320093 CEST44349768162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.884654045 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.896548986 CEST4434976513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.906624079 CEST49765443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.906651020 CEST4434976513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.907653093 CEST4434976513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.916502953 CEST4434976513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.918013096 CEST49765443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.918526888 CEST49765443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.918590069 CEST4434976513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.918678045 CEST49765443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.921324015 CEST49765443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.922231913 CEST49771443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:54:12.922255993 CEST44349771142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.922369003 CEST49772443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:54:12.922399044 CEST44349772142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.922985077 CEST49771443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:54:12.923191071 CEST49772443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:54:12.923420906 CEST49772443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:54:12.923433065 CEST44349772142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.923597097 CEST49771443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:54:12.923607111 CEST44349771142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.944381952 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.944391966 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.944428921 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.944458008 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.944466114 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.944477081 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.944561958 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.944914103 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.944931030 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.945250034 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.945256948 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.945334911 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.945568085 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.945583105 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.946197987 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.946203947 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.946374893 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.949027061 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.949048042 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.949125051 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.949131012 CEST4434976413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.949203014 CEST49764443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.959115028 CEST4434977034.117.188.166192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.959127903 CEST4434977034.117.188.166192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.959209919 CEST49770443192.168.2.534.117.188.166
                                                                                                                  Sep 6, 2024 13:54:12.960503101 CEST4434976513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.964231014 CEST49770443192.168.2.534.117.188.166
                                                                                                                  Sep 6, 2024 13:54:12.964237928 CEST4434977034.117.188.166192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.964349985 CEST49770443192.168.2.534.117.188.166
                                                                                                                  Sep 6, 2024 13:54:12.964369059 CEST4434977034.117.188.166192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.971714020 CEST49770443192.168.2.534.117.188.166
                                                                                                                  Sep 6, 2024 13:54:12.973201036 CEST4434976934.160.144.191192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.973212004 CEST4434976934.160.144.191192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.978301048 CEST49769443192.168.2.534.160.144.191
                                                                                                                  Sep 6, 2024 13:54:12.981281996 CEST49767443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.981332064 CEST49765443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:12.981342077 CEST4434976513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.993338108 CEST49768443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:13.010329008 CEST49769443192.168.2.534.160.144.191
                                                                                                                  Sep 6, 2024 13:54:13.010344028 CEST4434976934.160.144.191192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:13.010618925 CEST4434976934.160.144.191192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:13.012411118 CEST49769443192.168.2.534.160.144.191
                                                                                                                  Sep 6, 2024 13:54:13.012480021 CEST49769443192.168.2.534.160.144.191
                                                                                                                  Sep 6, 2024 13:54:14.303137064 CEST49778443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.303155899 CEST4434977813.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.303242922 CEST49779443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.303260088 CEST4434977913.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.303334951 CEST49777443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.303345919 CEST4434977713.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.303426981 CEST49776443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.303433895 CEST4434977613.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.303436995 CEST44349781142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.303651094 CEST49781443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:54:14.303669930 CEST44349781142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.304061890 CEST44349781142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.304131985 CEST49781443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:54:14.304148912 CEST44349780142.251.41.4192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.304184914 CEST44349780142.251.41.4192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.304198980 CEST49780443192.168.2.5142.251.41.4
                                                                                                                  Sep 6, 2024 13:54:14.304208994 CEST44349780142.251.41.4192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.304234982 CEST44349780142.251.41.4192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.304255009 CEST4434977813.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.304275990 CEST44349780142.251.41.4192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.304331064 CEST4434977913.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.304342985 CEST49780443192.168.2.5142.251.41.4
                                                                                                                  Sep 6, 2024 13:54:14.304348946 CEST44349780142.251.41.4192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.304364920 CEST49778443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.304378986 CEST4434977713.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.304393053 CEST49779443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.304549932 CEST49777443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.304627895 CEST4434977613.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.304757118 CEST49776443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.304760933 CEST44349780142.251.41.4192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.304850101 CEST44349781142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.305048943 CEST49780443192.168.2.5142.251.41.4
                                                                                                                  Sep 6, 2024 13:54:14.305059910 CEST49781443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:54:14.305061102 CEST49778443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.305128098 CEST4434977813.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.305207968 CEST49779443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.305274963 CEST4434977913.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.305445910 CEST49777443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.305516005 CEST4434977713.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.305682898 CEST49776443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.305733919 CEST4434977613.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.305815935 CEST49781443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:54:14.305876970 CEST44349781142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.306369066 CEST49778443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.306376934 CEST4434977813.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.306413889 CEST49779443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.306421995 CEST4434977913.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.306463003 CEST49777443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.306471109 CEST4434977713.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.306526899 CEST49776443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.306530952 CEST4434977613.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.307632923 CEST49780443192.168.2.5142.251.41.4
                                                                                                                  Sep 6, 2024 13:54:14.307648897 CEST44349780142.251.41.4192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.307657003 CEST49780443192.168.2.5142.251.41.4
                                                                                                                  Sep 6, 2024 13:54:14.307770967 CEST49780443192.168.2.5142.251.41.4
                                                                                                                  Sep 6, 2024 13:54:14.311613083 CEST44349782142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.312479019 CEST49782443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:54:14.312500000 CEST44349782142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.312880039 CEST44349782142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.313590050 CEST44349782142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.318309069 CEST49782443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:54:14.318317890 CEST44349782142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.318878889 CEST49782443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:54:14.318941116 CEST44349782142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.337546110 CEST4434977513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.337749004 CEST49775443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.337766886 CEST4434977513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.338109016 CEST4434977513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.338387012 CEST49775443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.338449955 CEST4434977513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.338524103 CEST49775443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.375416994 CEST49781443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:54:14.375426054 CEST44349781142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.375457048 CEST49776443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.375459909 CEST49778443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.384505987 CEST4434977513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.405921936 CEST4434977613.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.405946016 CEST4434977613.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.406016111 CEST49776443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.406027079 CEST4434977613.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.406677008 CEST4434977613.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.407835007 CEST4434977913.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.407908916 CEST4434977813.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.407927036 CEST4434977813.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.408149958 CEST49776443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.408159971 CEST4434977613.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.408436060 CEST49785443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.408459902 CEST4434978513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.408540010 CEST4434977813.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.408673048 CEST4434977713.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.408682108 CEST4434977913.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.409461975 CEST49776443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.409471989 CEST4434977713.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.409502983 CEST49776443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.409513950 CEST49778443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.409514904 CEST49779443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.409548044 CEST49778443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.409550905 CEST49785443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.409977913 CEST49777443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.410129070 CEST49779443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.410129070 CEST49785443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.410144091 CEST4434978513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.412452936 CEST49779443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.412466049 CEST4434977913.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.412832975 CEST49778443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.412852049 CEST4434977813.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.413122892 CEST49777443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.413127899 CEST4434977713.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.442471027 CEST4434977513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.442523956 CEST49775443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.442542076 CEST4434977513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.442698002 CEST4434977513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.443408966 CEST49775443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.443624973 CEST49775443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.443635941 CEST4434977513.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.486115932 CEST49781443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:54:14.500792027 CEST49782443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:54:14.500798941 CEST44349782142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.514254093 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:14.517059088 CEST49786443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:54:14.517085075 CEST4434978634.107.243.93192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.517373085 CEST49786443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:54:14.518870115 CEST49786443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:54:14.518881083 CEST4434978634.107.243.93192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.519076109 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.604455948 CEST49787443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.604513884 CEST4434978713.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.604664087 CEST49787443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.604871988 CEST49787443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.604888916 CEST4434978713.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.610630035 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.701119900 CEST49782443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:54:14.701143026 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:14.768748999 CEST4434978413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.769505978 CEST49784443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.769530058 CEST4434978413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.769937038 CEST4434978413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.770426989 CEST49784443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.770426989 CEST49784443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.770486116 CEST4434978413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.871939898 CEST4434978413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.872013092 CEST49784443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.872034073 CEST4434978413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.872047901 CEST4434978413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.872353077 CEST49784443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.873465061 CEST49784443192.168.2.513.107.246.40
                                                                                                                  Sep 6, 2024 13:54:14.873480082 CEST4434978413.107.246.40192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.988316059 CEST4434978634.107.243.93192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.988429070 CEST49786443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:54:14.993395090 CEST49786443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:54:14.993395090 CEST49786443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:54:14.993415117 CEST4434978634.107.243.93192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:14.993558884 CEST4434978634.107.243.93192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:22.028884888 CEST4434980034.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:22.028955936 CEST49800443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:22.029037952 CEST4434980034.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:22.030786991 CEST49800443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:22.247014046 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:22.251877069 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:22.341579914 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:22.379084110 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:22.384181976 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:22.402952909 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:22.475919008 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:22.520431995 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:22.605812073 CEST49802443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:22.605838060 CEST4434980234.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:22.605901957 CEST49803443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:22.605922937 CEST4434980334.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:22.606384993 CEST49802443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:22.606496096 CEST49803443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:22.606501102 CEST49802443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:22.606513977 CEST4434980234.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:22.606574059 CEST49803443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:22.606585979 CEST4434980334.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:22.635886908 CEST49804443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:22.635905981 CEST4434980434.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:22.636291027 CEST49804443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:22.637849092 CEST49804443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:22.637859106 CEST4434980434.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:23.082515955 CEST4434980334.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:23.082591057 CEST49803443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.096549988 CEST4434980234.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:23.096632957 CEST49802443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.100470066 CEST4434980434.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:23.100533962 CEST49804443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.320130110 CEST49803443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.320153952 CEST4434980334.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:23.320538998 CEST4434980334.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:23.360466957 CEST49803443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.767512083 CEST49802443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.767533064 CEST4434980234.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:23.767954111 CEST4434980234.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:23.773502111 CEST49803443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.773601055 CEST49803443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.773817062 CEST4434980334.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:23.773998022 CEST49802443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.774064064 CEST49802443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.774229050 CEST4434980234.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:23.776187897 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:23.776541948 CEST49804443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.776561975 CEST4434980434.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:23.776611090 CEST49804443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.776911020 CEST4434980434.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:23.777234077 CEST49803443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.777270079 CEST49802443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.777270079 CEST49804443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.780483961 CEST49805443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.780512094 CEST4434980534.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:23.781111956 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:23.781784058 CEST49805443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.783099890 CEST49805443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:23.783112049 CEST4434980534.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:23.871083021 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:23.916994095 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:23.944272995 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:23.949129105 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.040767908 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.090173960 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:24.255986929 CEST4434980534.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.256095886 CEST49805443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:24.259921074 CEST49805443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:24.259929895 CEST4434980534.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.260031939 CEST49805443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:24.260096073 CEST4434980534.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.260828972 CEST49805443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:24.262779951 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:24.265688896 CEST49806443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:24.265706062 CEST4434980634.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.265893936 CEST49806443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:24.267345905 CEST49806443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:24.267357111 CEST4434980634.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.267703056 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.357476950 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.359966993 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:24.364907980 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.411341906 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:24.456573009 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.504884005 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:24.728559017 CEST4434980634.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.728646040 CEST49806443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:24.739865065 CEST49806443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:24.739870071 CEST4434980634.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.739979029 CEST49806443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:24.740061045 CEST4434980634.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.741146088 CEST49806443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:54:24.742621899 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:24.747456074 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.837090969 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.839828014 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:24.844619036 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.878427029 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:24.936017036 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:24.976691008 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:27.742820978 CEST44349767162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:27.742888927 CEST44349767162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:27.743010044 CEST49767443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:27.758568048 CEST44349768162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:27.758632898 CEST44349768162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:27.760059118 CEST49768443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:32.841589928 CEST49807443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:54:32.841641903 CEST4434980734.107.243.93192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:32.842014074 CEST49807443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:54:32.843233109 CEST49807443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:54:32.843251944 CEST4434980734.107.243.93192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:33.508521080 CEST4434980734.107.243.93192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:33.508594036 CEST49807443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:54:33.513679981 CEST49807443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:54:33.513691902 CEST4434980734.107.243.93192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:33.513773918 CEST49807443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:54:33.513907909 CEST4434980734.107.243.93192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:33.517258883 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:33.518121958 CEST49807443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:54:33.522008896 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:33.611959934 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:33.655859947 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:33.738595009 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:33.745414019 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:33.837938070 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:33.892770052 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:54:36.472623110 CEST49808443192.168.2.535.244.181.201
                                                                                                                  Sep 6, 2024 13:54:36.472665071 CEST4434980835.244.181.201192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:36.477072954 CEST49808443192.168.2.535.244.181.201
                                                                                                                  Sep 6, 2024 13:54:36.477195978 CEST49808443192.168.2.535.244.181.201
                                                                                                                  Sep 6, 2024 13:54:36.477207899 CEST4434980835.244.181.201192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:36.811763048 CEST49809443192.168.2.534.149.100.209
                                                                                                                  Sep 6, 2024 13:54:36.811788082 CEST4434980934.149.100.209192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:36.815912008 CEST49810443192.168.2.535.190.72.216
                                                                                                                  Sep 6, 2024 13:54:36.815921068 CEST4434981035.190.72.216192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:36.816903114 CEST49809443192.168.2.534.149.100.209
                                                                                                                  Sep 6, 2024 13:54:36.816998959 CEST49810443192.168.2.535.190.72.216
                                                                                                                  Sep 6, 2024 13:54:36.817101955 CEST49809443192.168.2.534.149.100.209
                                                                                                                  Sep 6, 2024 13:54:36.817111015 CEST4434980934.149.100.209192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:36.818659067 CEST49810443192.168.2.535.190.72.216
                                                                                                                  Sep 6, 2024 13:54:36.818666935 CEST4434981035.190.72.216192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:36.819025040 CEST49811443192.168.2.518.65.39.112
                                                                                                                  Sep 6, 2024 13:54:36.819053888 CEST4434981118.65.39.112192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:36.821553946 CEST49811443192.168.2.518.65.39.112
                                                                                                                  Sep 6, 2024 13:54:36.821645975 CEST49811443192.168.2.518.65.39.112
                                                                                                                  Sep 6, 2024 13:54:36.821654081 CEST4434981118.65.39.112192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:36.827239037 CEST49812443192.168.2.535.201.103.21
                                                                                                                  Sep 6, 2024 13:54:36.827282906 CEST4434981235.201.103.21192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:36.827827930 CEST49812443192.168.2.535.201.103.21
                                                                                                                  Sep 6, 2024 13:54:36.829302073 CEST49812443192.168.2.535.201.103.21
                                                                                                                  Sep 6, 2024 13:54:36.829319954 CEST4434981235.201.103.21192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:36.956423998 CEST4434980835.244.181.201192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:36.956506014 CEST49808443192.168.2.535.244.181.201
                                                                                                                  Sep 6, 2024 13:54:59.889719963 CEST49820443192.168.2.540.68.123.157
                                                                                                                  Sep 6, 2024 13:54:59.889724970 CEST4434982040.68.123.157192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:04.990020990 CEST49767443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:55:04.990056038 CEST44349767162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:04.990070105 CEST49768443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:55:04.990075111 CEST44349768162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:05.653399944 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:05.658191919 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:05.746371984 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:05.751270056 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:06.271258116 CEST49822443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:55:06.271296978 CEST4434982234.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:06.271493912 CEST49822443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:55:06.271605968 CEST49822443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:55:06.271615982 CEST4434982234.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:06.283679962 CEST49823443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:55:06.283704996 CEST4434982334.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:06.284095049 CEST49823443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:55:06.284252882 CEST49823443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:55:06.284261942 CEST4434982334.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:06.741832018 CEST4434982334.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:06.743479013 CEST49823443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:55:06.746499062 CEST49823443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:55:06.746506929 CEST4434982334.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:06.746788025 CEST4434982334.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:06.747633934 CEST4434982234.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:06.751494884 CEST49823443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:55:06.751578093 CEST49823443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:55:06.751725912 CEST4434982334.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:06.752321005 CEST49822443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:55:06.752322912 CEST49823443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:55:06.755235910 CEST49822443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:55:06.755264997 CEST4434982234.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:06.755512953 CEST4434982234.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:06.762221098 CEST49822443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:55:06.762290955 CEST49822443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:55:06.762409925 CEST4434982234.120.208.123192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:06.763012886 CEST49822443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:55:06.763035059 CEST49822443192.168.2.534.120.208.123
                                                                                                                  Sep 6, 2024 13:55:06.785516024 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:06.790390015 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:06.882597923 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:06.923283100 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:06.927416086 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:06.932351112 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:07.024424076 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:07.033088923 CEST49824443192.168.2.523.55.235.170
                                                                                                                  Sep 6, 2024 13:55:07.033129930 CEST4434982423.55.235.170192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:07.033199072 CEST49824443192.168.2.523.55.235.170
                                                                                                                  Sep 6, 2024 13:55:07.033457041 CEST49824443192.168.2.523.55.235.170
                                                                                                                  Sep 6, 2024 13:55:07.033466101 CEST4434982423.55.235.170192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:07.076963902 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:07.497087955 CEST4434982423.55.235.170192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:07.497364044 CEST49824443192.168.2.523.55.235.170
                                                                                                                  Sep 6, 2024 13:55:07.497390032 CEST4434982423.55.235.170192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:07.497765064 CEST4434982423.55.235.170192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:07.498994112 CEST49824443192.168.2.523.55.235.170
                                                                                                                  Sep 6, 2024 13:55:07.499062061 CEST4434982423.55.235.170192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:07.499149084 CEST49824443192.168.2.523.55.235.170
                                                                                                                  Sep 6, 2024 13:55:07.540503979 CEST4434982423.55.235.170192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:07.635226011 CEST4434982423.55.235.170192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:07.635246038 CEST4434982423.55.235.170192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:07.635302067 CEST49824443192.168.2.523.55.235.170
                                                                                                                  Sep 6, 2024 13:55:07.635330915 CEST4434982423.55.235.170192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:07.635346889 CEST4434982423.55.235.170192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:07.635541916 CEST49824443192.168.2.523.55.235.170
                                                                                                                  Sep 6, 2024 13:55:07.635556936 CEST4434982423.55.235.170192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:07.635638952 CEST49824443192.168.2.523.55.235.170
                                                                                                                  Sep 6, 2024 13:55:07.635656118 CEST49824443192.168.2.523.55.235.170
                                                                                                                  Sep 6, 2024 13:55:07.635670900 CEST49824443192.168.2.523.55.235.170
                                                                                                                  Sep 6, 2024 13:55:16.894839048 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:16.899837971 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:17.031071901 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:17.036215067 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:26.911293983 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:26.916155100 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:27.049283028 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:27.054137945 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:35.801827908 CEST49825443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:55:35.801856041 CEST4434982534.107.243.93192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:35.801940918 CEST49825443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:55:35.803349972 CEST49825443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:55:35.803364038 CEST4434982534.107.243.93192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:36.269155979 CEST4434982534.107.243.93192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:36.269253016 CEST49825443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:55:36.273982048 CEST49825443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:55:36.273989916 CEST4434982534.107.243.93192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:36.274084091 CEST49825443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:55:36.274156094 CEST4434982534.107.243.93192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:36.274924994 CEST49825443192.168.2.534.107.243.93
                                                                                                                  Sep 6, 2024 13:55:36.276897907 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:36.281882048 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:36.371546030 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:36.374696016 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:36.380213022 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:36.425764084 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:36.474550962 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:36.523406029 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:44.392625093 CEST49781443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:55:44.392641068 CEST44349781142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:44.515089989 CEST49782443192.168.2.5142.251.40.110
                                                                                                                  Sep 6, 2024 13:55:44.515105963 CEST44349782142.251.40.110192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:46.382575989 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:46.387496948 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:46.488631010 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:46.493618011 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:56.391124010 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:56.397506952 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:56.501367092 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:55:56.506448030 CEST804976134.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:06.406898975 CEST4976280192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:56:06.411762953 CEST804976234.107.221.82192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:06.516477108 CEST4976180192.168.2.534.107.221.82
                                                                                                                  Sep 6, 2024 13:56:06.521284103 CEST804976134.107.221.82192.168.2.5
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                  Sep 6, 2024 13:54:11.161636114 CEST63200443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.186683893 CEST44363200162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.186695099 CEST44363200162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.186703920 CEST44363200162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.186714888 CEST44363200162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.187527895 CEST63200443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.187592030 CEST63200443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.187714100 CEST44363200162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.189074039 CEST44363200162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.189085007 CEST44363200162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.189094067 CEST44363200162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.189254999 CEST63200443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.189528942 CEST63200443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.245507956 CEST63200443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.245560884 CEST63200443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.245662928 CEST63200443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.245687962 CEST63200443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.247127056 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.249871969 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.250019073 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.250078917 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.257518053 CEST44363200162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.259074926 CEST44363200162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.260133028 CEST44363200162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.260251999 CEST63200443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.282011986 CEST44363200162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.284662962 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.284970999 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.286786079 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.287055016 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.321887970 CEST63200443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.338205099 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.338315010 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.341001987 CEST44363200162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.341012955 CEST44363200162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.341022968 CEST44363200162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.344914913 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.345060110 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.348423958 CEST63200443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.405824900 CEST6489653192.168.2.51.1.1.1
                                                                                                                  Sep 6, 2024 13:54:11.408196926 CEST6474253192.168.2.51.1.1.1
                                                                                                                  Sep 6, 2024 13:54:11.408746958 CEST5626953192.168.2.51.1.1.1
                                                                                                                  Sep 6, 2024 13:54:11.413804054 CEST53648961.1.1.1192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.414680004 CEST53647421.1.1.1192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.415323973 CEST53562691.1.1.1192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.435724020 CEST5368753192.168.2.51.1.1.1
                                                                                                                  Sep 6, 2024 13:54:11.443197966 CEST53536871.1.1.1192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.444041014 CEST6276253192.168.2.51.1.1.1
                                                                                                                  Sep 6, 2024 13:54:11.450901031 CEST53627621.1.1.1192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.690073013 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.693821907 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.697746038 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.735047102 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.788702965 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.788716078 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.788726091 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.788736105 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.791414976 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.791487932 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.798985958 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.827573061 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.836196899 CEST5091553192.168.2.51.1.1.1
                                                                                                                  Sep 6, 2024 13:54:11.892103910 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.892421007 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.906256914 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.993407965 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.994389057 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.995739937 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.995759010 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.995769024 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:11.996112108 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:11.996201992 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.006422997 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.006851912 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.008651018 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.010256052 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.010529041 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.010541916 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.010551929 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.014998913 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.015177965 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.015364885 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.017874002 CEST58358443192.168.2.5172.253.122.84
                                                                                                                  Sep 6, 2024 13:54:12.020399094 CEST58358443192.168.2.5172.253.122.84
                                                                                                                  Sep 6, 2024 13:54:12.020627975 CEST58358443192.168.2.5172.253.122.84
                                                                                                                  Sep 6, 2024 13:54:12.372216940 CEST51438443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.488022089 CEST44358358172.253.122.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.488790989 CEST44358358172.253.122.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.488804102 CEST44358358172.253.122.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.488815069 CEST44358358172.253.122.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.488828897 CEST44358358172.253.122.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.494951010 CEST58358443192.168.2.5172.253.122.84
                                                                                                                  Sep 6, 2024 13:54:12.495534897 CEST58358443192.168.2.5172.253.122.84
                                                                                                                  Sep 6, 2024 13:54:12.495845079 CEST58358443192.168.2.5172.253.122.84
                                                                                                                  Sep 6, 2024 13:54:12.600766897 CEST44358358172.253.122.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.600781918 CEST44358358172.253.122.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.600883007 CEST44358358172.253.122.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.628652096 CEST58358443192.168.2.5172.253.122.84
                                                                                                                  Sep 6, 2024 13:54:12.646400928 CEST44358358172.253.122.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.646426916 CEST44358358172.253.122.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.646476030 CEST44358358172.253.122.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.655426025 CEST58358443192.168.2.5172.253.122.84
                                                                                                                  Sep 6, 2024 13:54:12.655608892 CEST58358443192.168.2.5172.253.122.84
                                                                                                                  Sep 6, 2024 13:54:12.664957047 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.665234089 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.672270060 CEST51438443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.674032927 CEST44358358172.253.122.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.674248934 CEST58358443192.168.2.5172.253.122.84
                                                                                                                  Sep 6, 2024 13:54:12.675738096 CEST44358358172.253.122.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.676213980 CEST44358358172.253.122.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.678466082 CEST58358443192.168.2.5172.253.122.84
                                                                                                                  Sep 6, 2024 13:54:12.764230967 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.764837027 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.765089989 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.779267073 CEST44358358172.253.122.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.803504944 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.807189941 CEST60139443192.168.2.5142.250.80.99
                                                                                                                  Sep 6, 2024 13:54:12.808679104 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.808944941 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.810760975 CEST60139443192.168.2.5142.250.80.99
                                                                                                                  Sep 6, 2024 13:54:12.810951948 CEST60139443192.168.2.5142.250.80.99
                                                                                                                  Sep 6, 2024 13:54:12.810951948 CEST60139443192.168.2.5142.250.80.99
                                                                                                                  Sep 6, 2024 13:54:12.824659109 CEST44351438162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.824676991 CEST44351438162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.824688911 CEST44351438162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.824700117 CEST44351438162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.824712038 CEST44351438162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.827716112 CEST51438443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.838707924 CEST51438443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.838893890 CEST51438443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.839057922 CEST51438443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.839180946 CEST51438443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.885008097 CEST58358443192.168.2.5172.253.122.84
                                                                                                                  Sep 6, 2024 13:54:12.909149885 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.909989119 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.910228968 CEST44354579162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.921688080 CEST54579443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.934309959 CEST44351438162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.934323072 CEST44351438162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.934501886 CEST44351438162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.934513092 CEST44351438162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.935794115 CEST44351438162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.936130047 CEST44351438162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:12.936630964 CEST51438443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.936702967 CEST51438443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.936826944 CEST51438443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:12.990489960 CEST44358358172.253.122.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:13.020690918 CEST58358443192.168.2.5172.253.122.84
                                                                                                                  Sep 6, 2024 13:54:13.030191898 CEST44351438162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:13.076324940 CEST51438443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:54:13.151274920 CEST44358358172.253.122.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:13.250582933 CEST44360139142.250.80.99192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:13.256354094 CEST44360139142.250.80.99192.168.2.5
                                                                                                                  Sep 6, 2024 13:54:13.256367922 CEST44360139142.250.80.99192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:14.440646887 CEST44359248142.250.31.84192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:30.027795076 CEST4435480023.219.82.73192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:30.057701111 CEST54800443192.168.2.523.219.82.73
                                                                                                                  Sep 6, 2024 13:55:30.529233932 CEST4435480023.219.82.73192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:30.559350967 CEST54800443192.168.2.523.219.82.73
                                                                                                                  Sep 6, 2024 13:55:35.793318987 CEST5649553192.168.2.51.1.1.1
                                                                                                                  Sep 6, 2024 13:55:35.800496101 CEST53564951.1.1.1192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:35.801321030 CEST5119453192.168.2.51.1.1.1
                                                                                                                  Sep 6, 2024 13:55:35.807955980 CEST53511941.1.1.1192.168.2.5
                                                                                                                  Sep 6, 2024 13:55:40.025861979 CEST4435480023.219.82.73192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:04.848119974 CEST49275443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:56:04.848244905 CEST49275443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:56:04.848440886 CEST49275443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:56:04.848525047 CEST49275443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:56:05.281604052 CEST49275443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:56:05.321763039 CEST44349275162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:05.335832119 CEST49275443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:56:05.377300978 CEST49275443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:56:05.384962082 CEST44349275162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:05.385013103 CEST44349275162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:05.385159969 CEST44349275162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:05.385166883 CEST49275443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:56:05.385303020 CEST49275443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:56:05.385672092 CEST44349275162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:05.385772943 CEST49275443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:56:05.441468954 CEST44349275162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:05.479892015 CEST49275443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:56:05.492604017 CEST44349275162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:05.495809078 CEST49275443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:56:05.597711086 CEST44349275162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:05.598793983 CEST44349275162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:05.598921061 CEST44349275162.159.61.3192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:05.614594936 CEST49275443192.168.2.5162.159.61.3
                                                                                                                  Sep 6, 2024 13:56:09.420262098 CEST64447443192.168.2.523.219.82.73
                                                                                                                  Sep 6, 2024 13:56:09.872512102 CEST4436444723.219.82.73192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:09.872525930 CEST4436444723.219.82.73192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:09.881820917 CEST64447443192.168.2.523.219.82.73
                                                                                                                  Sep 6, 2024 13:56:09.978101015 CEST4436444723.219.82.73192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:09.978113890 CEST4436444723.219.82.73192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:09.978121996 CEST4436444723.219.82.73192.168.2.5
                                                                                                                  Sep 6, 2024 13:56:09.978439093 CEST64447443192.168.2.523.219.82.73
                                                                                                                  Sep 6, 2024 13:56:10.009537935 CEST64447443192.168.2.523.219.82.73
                                                                                                                  Sep 6, 2024 13:56:10.074704885 CEST4436444723.219.82.73192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                  Sep 6, 2024 13:54:11.414680004 CEST1.1.1.1192.168.2.50x6f70No error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:11.415323973 CEST1.1.1.1192.168.2.50x16eaNo error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:11.415323973 CEST1.1.1.1192.168.2.50x16eaNo error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:11.443197966 CEST1.1.1.1192.168.2.50xbf68No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:11.450901031 CEST1.1.1.1192.168.2.50xb2c8No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:11.843664885 CEST1.1.1.1192.168.2.50x888aNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:11.843664885 CEST1.1.1.1192.168.2.50x888aNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:13.761540890 CEST1.1.1.1192.168.2.50x3731No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:13.817214012 CEST1.1.1.1192.168.2.50x8b17No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:17.705775976 CEST1.1.1.1192.168.2.50xc129No error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:17.705775976 CEST1.1.1.1192.168.2.50xc129No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:18.698584080 CEST1.1.1.1192.168.2.50x6ef1No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:18.699350119 CEST1.1.1.1192.168.2.50xea52No error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:18.699350119 CEST1.1.1.1192.168.2.50xea52No error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:18.699350119 CEST1.1.1.1192.168.2.50xea52No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:18.711564064 CEST1.1.1.1192.168.2.50xf1ffNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:18.713587046 CEST1.1.1.1192.168.2.50xcda9No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:20.677813053 CEST1.1.1.1192.168.2.50xefeaNo error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:20.794601917 CEST1.1.1.1192.168.2.50x4453No error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:20.794601917 CEST1.1.1.1192.168.2.50x4453No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:20.803373098 CEST1.1.1.1192.168.2.50x59caNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:34.604300976 CEST1.1.1.1192.168.2.50x77c4No error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:36.478615046 CEST1.1.1.1192.168.2.50x95fNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:36.478615046 CEST1.1.1.1192.168.2.50x95fNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:36.815872908 CEST1.1.1.1192.168.2.50x66adNo error (0)services.addons.mozilla.org18.65.39.112A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:36.815872908 CEST1.1.1.1192.168.2.50x66adNo error (0)services.addons.mozilla.org18.65.39.4A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:36.815872908 CEST1.1.1.1192.168.2.50x66adNo error (0)services.addons.mozilla.org18.65.39.85A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:36.815872908 CEST1.1.1.1192.168.2.50x66adNo error (0)services.addons.mozilla.org18.65.39.31A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:36.826066971 CEST1.1.1.1192.168.2.50xc84bNo error (0)normandy.cdn.mozilla.netnormandy-cdn.services.mozilla.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:36.826066971 CEST1.1.1.1192.168.2.50xc84bNo error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:36.826493979 CEST1.1.1.1192.168.2.50x1bcbNo error (0)services.addons.mozilla.org18.65.39.31A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:36.826493979 CEST1.1.1.1192.168.2.50x1bcbNo error (0)services.addons.mozilla.org18.65.39.4A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:36.826493979 CEST1.1.1.1192.168.2.50x1bcbNo error (0)services.addons.mozilla.org18.65.39.112A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:36.826493979 CEST1.1.1.1192.168.2.50x1bcbNo error (0)services.addons.mozilla.org18.65.39.85A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:36.834604025 CEST1.1.1.1192.168.2.50x31f1No error (0)normandy-cdn.services.mozilla.com35.201.103.21A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:38.076950073 CEST1.1.1.1192.168.2.50x32deNo error (0)a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.coma17.rackcdn.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:38.076950073 CEST1.1.1.1192.168.2.50x32deNo error (0)a17.rackcdn.coma17.rackcdn.com.mdc.edgesuite.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:55.557329893 CEST1.1.1.1192.168.2.50x8c0fNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:54:55.557329893 CEST1.1.1.1192.168.2.50x8c0fNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:55:06.277806997 CEST1.1.1.1192.168.2.50x9219No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                  Sep 6, 2024 13:55:35.800496101 CEST1.1.1.1192.168.2.50xc736No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  0 | 192.168.2.5 | 49743 | 34.107.221.82 | 80 | 3176 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Sep 6, 2024 13:54:10.145653009 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:10.597903013 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35210
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  1 | 192.168.2.5 | 49761 | 34.107.221.82 | 80 | 3176 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Sep 6, 2024 13:54:11.851897001 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:12.306674004 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43737
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:13.755481958 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:13.851701021 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43738
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:14.514254093 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:14.610630035 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43739
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:16.298543930 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:16.395184994 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43741
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:20.845829010 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:20.943420887 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43745
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:21.715517998 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:21.815406084 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43746
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:22.379084110 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:22.475919008 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43747
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:23.944272995 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:24.040767908 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43748
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:24.359966993 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:24.456573009 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43749
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:24.839828014 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:24.936017036 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43749
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:33.738595009 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:33.837938070 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43758
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:37.288141966 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:37.384649992 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43762
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:37.411290884 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:37.511404037 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43762
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:37.668246984 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:37.766124964 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43762
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:37.911295891 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:38.007896900 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43762
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:38.164380074 CEST 305 OUT GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:38.469979048 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43763
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:38.684256077 CEST 216 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43763
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:43.068015099 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:43.164242983 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43768
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:54:53.176295996 CEST | 6 | OUT | Data Raw: 00
                                                                                                                  Data Ascii:
                                                                                                                  Sep 6, 2024 13:54:55.650062084 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:54:55.746696949 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43780
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:55:05.746371984 CEST | 6 | OUT | Data Raw: 00
                                                                                                                  Data Ascii:
                                                                                                                  Sep 6, 2024 13:55:06.927416086 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:55:07.024424076 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43791
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:55:17.031071901 CEST | 6 | OUT | Data Raw: 00
                                                                                                                  Data Ascii:
                                                                                                                  Sep 6, 2024 13:55:27.049283028 CEST | 6 | OUT | Data Raw: 00
                                                                                                                  Data Ascii:
                                                                                                                  Sep 6, 2024 13:55:36.374696016 CEST | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Connection: keep-alive
                                                                                                                  Pragma: no-cache
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Sep 6, 2024 13:55:36.474550962 CEST | 216 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 8
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Thu, 05 Sep 2024 23:45:15 GMT
                                                                                                                  Content-Type: text/plain
                                                                                                                  Age: 43821
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                  Data Ascii: success
                                                                                                                  Sep 6, 2024 13:55:46.488631010 CEST | 6 | OUT | Data Raw: 00
                                                                                                                  Data Ascii:
                                                                                                                  Sep 6, 2024 13:55:56.501367092 CEST | 6 | OUT | Data Raw: 00
                                                                                                                  Data Ascii:
                                                                                                                  Sep 6, 2024 13:56:06.516477108 CEST | 6 | OUT | Data Raw: 00
                                                                                                                  Data Ascii:


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  2 | 192.168.2.5 | 49762 | 34.107.221.82 | 80 | 3176 | C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  Sep 6, 2024 13:54:11.852016926 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:12.296611071 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35212
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:54:13.756210089 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:13.851017952 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35213
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:54:15.475529909 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:15.570278883 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35215
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:54:20.657448053 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:20.752566099 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35220
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:54:21.548727989 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:21.643671036 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35221
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:54:22.247014046 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:22.341579914 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35222
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:54:23.776187897 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:23.871083021 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35223
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:54:24.262779951 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:24.357476950 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35224
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:54:24.742621899 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:24.837090969 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35224
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:54:33.517258883 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:33.611959934 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35233
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:54:36.968524933 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:37.285279036 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35237
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:54:37.306881905 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:37.407679081 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35237
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:54:37.565495014 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:37.665281057 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35237
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:54:37.813930988 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:37.908787966 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35237
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:54:38.063517094 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:38.158757925 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35238
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:54:42.970719099 CEST 303 OUT GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:43.065402985 CEST 298 IN HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35243
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:54:53.075988054 CEST | 6 | OUT | Data Raw: 00
                                                                                                                  Data Ascii:
                                                                                                                  Sep 6, 2024 13:54:55.545828104 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:54:55.645129919 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35255
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:55:05.653399944 CEST | 6 | OUT | Data Raw: 00
                                                                                                                  Data Ascii:
                                                                                                                  Sep 6, 2024 13:55:06.785516024 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:55:06.882597923 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35266
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:55:16.894839048 CEST | 6 | OUT | Data Raw: 00
                                                                                                                  Data Ascii:
                                                                                                                  Sep 6, 2024 13:55:26.911293983 CEST | 6 | OUT | Data Raw: 00
                                                                                                                  Data Ascii:
                                                                                                                  Sep 6, 2024 13:55:36.276897907 CEST | 303 | OUT | GET /canonical.html HTTP/1.1
                                                                                                                  Host: detectportal.firefox.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                  Accept: */*
                                                                                                                  Accept-Language: en-US,en;q=0.5
                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Connection: keep-alive
                                                                                                                  Sep 6, 2024 13:55:36.371546030 CEST | 298 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: nginx
                                                                                                                  Content-Length: 90
                                                                                                                  Via: 1.1 google
                                                                                                                  Date: Fri, 06 Sep 2024 02:07:20 GMT
                                                                                                                  Age: 35296
                                                                                                                  Content-Type: text/html
                                                                                                                  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                  Sep 6, 2024 13:55:46.382575989 CEST | 6 | OUT | Data Raw: 00
                                                                                                                  Data Ascii:
                                                                                                                  Sep 6, 2024 13:55:56.391124010 CEST | 6 | OUT | Data Raw: 00
                                                                                                                  Data Ascii:
                                                                                                                  Sep 6, 2024 13:56:06.406898975 CEST | 6 | OUT | Data Raw: 00
                                                                                                                  Data Ascii:


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  0 | 192.168.2.5 | 49716 | 94.245.104.56 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:06 UTC | 428 | OUT | GET /edgeoffer/pb/experiments?appId=edge-extensions&country=CH HTTP/1.1
                                                                                                                  Host: api.edgeoffer.microsoft.com
                                                                                                                  Connection: keep-alive
                                                                                                                  Sec-Fetch-Site: none
                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                  2024-09-06 11:54:06 UTC | 584 | IN | HTTP/1.1 200 OK
                                                                                                                  Content-Length: 0
                                                                                                                  Connection: close
                                                                                                                  Content-Type: application/x-protobuf; charset=utf-8
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:06 GMT
                                                                                                                  Server: Microsoft-IIS/10.0
                                                                                                                  Set-Cookie: ARRAffinity=b8f21dceb1b391c907e2fa211783745fd88a90226d588c6fbd868fb8cba964ff;Path=/;HttpOnly;Secure;Domain=api.edgeoffer.microsoft.com
                                                                                                                  Set-Cookie: ARRAffinitySameSite=b8f21dceb1b391c907e2fa211783745fd88a90226d588c6fbd868fb8cba964ff;Path=/;HttpOnly;SameSite=None;Secure;Domain=api.edgeoffer.microsoft.com
                                                                                                                  Request-Context: appId=cid-v1:48af8e22-9427-456d-9a55-67a1e42a1bd9
                                                                                                                  X-Powered-By: ASP.NET


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  1 | 192.168.2.5 | 49727 | 142.250.185.225 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:10 UTC | 594 | OUT | GET /crx/blobs/AY4GWKBMNax_FQrZEVzNkO_0mu3UShnzR6AihR_EPjVIUOT_pwZzkWCpOk8YKIu0qnIq_YObWXuPyiJ7NA0nDjMHUEYIIEknsNvJHXuPd0MqxESzoxi9xiMyJKNwZiVV1yEAxlKa5UVe61sINARQ7fO9dE0bkfP_W4GG/GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_80_1_0.crx HTTP/1.1
                                                                                                                  Host: clients2.googleusercontent.com
                                                                                                                  Connection: keep-alive
                                                                                                                  Sec-Fetch-Site: none
                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                  2024-09-06 11:54:10 UTC | 566 | IN | HTTP/1.1 200 OK
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Content-Length: 135751
                                                                                                                  X-GUploader-UploadID: AD-8ljt_O5XMJoPXlP6Q8KGWegLxpoAv8Lc1GNJdQ3ftIxlOhGAnKSjCUCnfhK-XxvEt00jIhvM
                                                                                                                  X-Goog-Hash: crc32c=IDdmTg==
                                                                                                                  Server: UploadServer
                                                                                                                  Date: Thu, 05 Sep 2024 19:26:09 GMT
                                                                                                                  Expires: Fri, 05 Sep 2025 19:26:09 GMT
                                                                                                                  Cache-Control: public, max-age=31536000
                                                                                                                  Age: 59281
                                                                                                                  Last-Modified: Tue, 23 Jul 2024 15:56:28 GMT
                                                                                                                  ETag: 1d368626_ddaec042_86665b6c_28d780a0_b2065016
                                                                                                                  Content-Type: application/x-chrome-extension
                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                  Connection: close


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  2 | 192.168.2.5 | 49734 | 162.159.61.3 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:10 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                  Connection: keep-alive
                                                                                                                  Content-Length: 128
                                                                                                                  Accept: application/dns-message
                                                                                                                  Accept-Language: *
                                                                                                                  User-Agent: Chrome
                                                                                                                  Accept-Encoding: identity
                                                                                                                  Content-Type: application/dns-message
                                                                                                                  2024-09-06 11:54:10 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: cloudflare
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:10 GMT
                                                                                                                  Content-Type: application/dns-message
                                                                                                                  Connection: close
                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                  Content-Length: 468
                                                                                                                  CF-RAY: 8bee43469c17423e-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  3 | 192.168.2.5 | 49735 | 162.159.61.3 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:10 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                  Connection: keep-alive
                                                                                                                  Content-Length: 128
                                                                                                                  Accept: application/dns-message
                                                                                                                  Accept-Language: *
                                                                                                                  User-Agent: Chrome
                                                                                                                  Accept-Encoding: identity
                                                                                                                  Content-Type: application/dns-message
                                                                                                                  2024-09-06 11:54:10 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: cloudflare
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:10 GMT
                                                                                                                  Content-Type: application/dns-message
                                                                                                                  Connection: close
                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                  Content-Length: 468
                                                                                                                  CF-RAY: 8bee43468fb7181d-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  4 | 192.168.2.5 | 49736 | 172.64.41.3 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:10 UTC | 245 | OUT | POST /dns-query HTTP/1.1
                                                                                                                  Host: chrome.cloudflare-dns.com
                                                                                                                  Connection: keep-alive
                                                                                                                  Content-Length: 128
                                                                                                                  Accept: application/dns-message
                                                                                                                  Accept-Language: *
                                                                                                                  User-Agent: Chrome
                                                                                                                  Accept-Encoding: identity
                                                                                                                  Content-Type: application/dns-message
                                                                                                                  2024-09-06 11:54:10 UTC | 247 | IN | HTTP/1.1 200 OK
                                                                                                                  Server: cloudflare
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:10 GMT
                                                                                                                  Content-Type: application/dns-message
                                                                                                                  Connection: close
                                                                                                                  Access-Control-Allow-Origin: *
                                                                                                                  Content-Length: 468
                                                                                                                  CF-RAY: 8bee4346efad7c7b-EWR
                                                                                                                  alt-svc: h3=":443"; ma=86400


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  5 | 192.168.2.5 | 49730 | 184.28.90.27 | 443 | |
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:10 UTC | 161 | OUT | HEAD /fs/windows/config.json HTTP/1.1
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Accept: */*
                                                                                                                  Accept-Encoding: identity
                                                                                                                  User-Agent: Microsoft BITS/7.8
                                                                                                                  Host: fs.microsoft.com
                                                                                                                  2024-09-06 11:54:10 UTC | 494 | IN | HTTP/1.1 200 OK
                                                                                                                  ApiVersion: Distribute 1.1
                                                                                                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                  Server: ECAcc (lpl/EF06)
                                                                                                                  X-CID: 11
                                                                                                                  X-Ms-ApiVersion: Distribute 1.2
                                                                                                                  X-Ms-Region: prod-weu-z1
                                                                                                                  Cache-Control: public, max-age=25929
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:10 GMT
                                                                                                                  Connection: close
                                                                                                                  X-CID: 2


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  6 | 192.168.2.5 | 49754 | 184.28.90.27 | 443 | |
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:11 UTC | 239 | OUT | GET /fs/windows/config.json HTTP/1.1
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Accept: */*
                                                                                                                  Accept-Encoding: identity
                                                                                                                  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                  Range: bytes=0-2147483646
                                                                                                                  User-Agent: Microsoft BITS/7.8
                                                                                                                  Host: fs.microsoft.com
                                                                                                                  2024-09-06 11:54:11 UTC | 514 | IN | HTTP/1.1 200 OK
                                                                                                                  ApiVersion: Distribute 1.1
                                                                                                                  Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7"
                                                                                                                  Last-Modified: Tue, 16 May 2017 22:58:00 GMT
                                                                                                                  Server: ECAcc (lpl/EF06)
                                                                                                                  X-CID: 11
                                                                                                                  X-Ms-ApiVersion: Distribute 1.2
                                                                                                                  X-Ms-Region: prod-weu-z1
                                                                                                                  Cache-Control: public, max-age=25980
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:11 GMT
                                                                                                                  Content-Length: 55
                                                                                                                  Connection: close
                                                                                                                  X-CID: 2
                                                                                                                  2024-09-06 11:54:11 UTC | 55 | IN | Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d
                                                                                                                  Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  7 | 192.168.2.5 | 49757 | 152.195.19.97 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:11 UTC | 612 | OUT | GET /filestreamingservice/files/bdc392b9-6b81-4aaa-b3ee-2fffd9562edb?P1=1726228447&P2=404&P3=2&P4=Wih3FgHU7MIPqDKf9yfZBSinj42Gqb22Py28OWaIgShg0kydjgE6EzbquqoYCLN99wIbLxFjCJ2AKDxWJRC83w%3d%3d HTTP/1.1
                                                                                                                  Host: msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
                                                                                                                  Connection: keep-alive
                                                                                                                  MS-CV: 6gVNYBuMaylzu4kWEdmN22
                                                                                                                  Sec-Fetch-Site: none
                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                  2024-09-06 11:54:11 UTC | 632 | IN | HTTP/1.1 200 OK
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Age: 5550182
                                                                                                                  Cache-Control: public, max-age=17280000
                                                                                                                  Content-Type: application/x-chrome-extension
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:11 GMT
                                                                                                                  Etag: "Gv3jDkaZdFLRHkoq2781zOehQE8="
                                                                                                                  Last-Modified: Wed, 24 Jan 2024 00:25:37 GMT
                                                                                                                  MS-CorrelationId: b4b4aabf-4d02-4629-96b1-a382405b6a31
                                                                                                                  MS-CV: 642I+iNy0Qp5KFcIV/sUKh.0
                                                                                                                  MS-RequestId: 5245ac9e-0afd-43ce-8780-5c7d0bedf1d4
                                                                                                                  Server: ECAcc (nyd/D11E)
                                                                                                                  X-AspNet-Version: 4.0.30319
                                                                                                                  X-AspNetMvc-Version: 5.3
                                                                                                                  X-Cache: HIT
                                                                                                                  X-CCC: US
                                                                                                                  X-CID: 11
                                                                                                                  X-Powered-By: ASP.NET
                                                                                                                  X-Powered-By: ARR/3.0
                                                                                                                  X-Powered-By: ASP.NET
                                                                                                                  Content-Length: 11185
                                                                                                                  Connection: close


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  8 | 192.168.2.5 | 49763 | 142.250.176.206 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:12 UTC | 1079 | OUT | GET /accounts/CheckConnection?pmpo=https%3A%2F%2Faccounts.google.com&v=713924867&timestamp=1725623650303 HTTP/1.1
                                                                                                                  Host: accounts.youtube.com
                                                                                                                  Connection: keep-alive
                                                                                                                  sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                  sec-ch-ua-full-version: "117.0.5938.132"
                                                                                                                  sec-ch-ua-arch: "x86"
                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                  sec-ch-ua-platform-version: "10.0.0"
                                                                                                                  sec-ch-ua-model: ""
                                                                                                                  sec-ch-ua-bitness: "64"
                                                                                                                  sec-ch-ua-wow64: ?0
                                                                                                                  sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                                                                                                  Upgrade-Insecure-Requests: 1
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                  Sec-Fetch-Site: cross-site
                                                                                                                  Sec-Fetch-Mode: navigate
                                                                                                                  Sec-Fetch-Dest: iframe
                                                                                                                  Referer: https://accounts.google.com/
                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                  2024-09-06 11:54:12 UTC | 1971 | IN | HTTP/1.1 200 OK
                                                                                                                  Content-Type: text/html; charset=utf-8
                                                                                                                  X-Frame-Options: ALLOW-FROM https://accounts.google.com
                                                                                                                  Content-Security-Policy: frame-ancestors https://accounts.google.com
                                                                                                                  Content-Security-Policy: script-src 'report-sample' 'nonce-cBqfzg081FjOqRxndE-mLw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport;worker-src 'self'
                                                                                                                  Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport/allowlist
                                                                                                                  Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/AccountsDomainCookiesCheckConnectionHttp/cspreport
                                                                                                                  Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                  Pragma: no-cache
                                                                                                                  Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:12 GMT
                                                                                                                  Cross-Origin-Opener-Policy: same-origin
                                                                                                                  Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                  Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                                                  reporting-endpoints: default="/_/AccountsDomainCookiesCheckConnectionHttp/web-reports?context=eJzjstDikmII0pBikPj6kkkNiJ3SZ7AGAHHSv_OsBUC8JOIi64HEi6yXuy-xXgdi1Z5LrMZALMTD8eTW621sAhceXPvHqKSXlF8Yn5mSmleSWVKZkp-bmJmXnJ-fnZlaXJxaVJZaFG9kYGRiYGFkqmdgEV9gAABabi-K"
                                                                                                                  Server: ESF
                                                                                                                  X-XSS-Protection: 0
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                  Accept-Ranges: none
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  Connection: close
                                                                                                                  Transfer-Encoding: chunked


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  9 | 192.168.2.5 | 49764 | 13.107.246.40 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:12 UTC | 470 | OUT | GET /assets/edge_hub_apps_manifest_gz/4.7.107/asset?assetgroup=Shoreline HTTP/1.1
                                                                                                                  Host: edgeassetservice.azureedge.net
                                                                                                                  Connection: keep-alive
                                                                                                                  Edge-Asset-Group: Shoreline
                                                                                                                  Sec-Fetch-Site: none
                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                  2024-09-06 11:54:12 UTC | 577 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:12 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 306698
                                                                                                                  Connection: close
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Last-Modified: Tue, 10 Oct 2023 17:24:31 GMT
                                                                                                                  ETag: 0x8DBC9B5C40EBFF4
                                                                                                                  x-ms-request-id: a05cbbc2-a01e-0025-3785-fef0b4000000
                                                                                                                  x-ms-version: 2009-09-19
                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                  x-azure-ref: 20240906T115412Z-16579567576rt7gkm43y59pk380000000dtg00000000467e
                                                                                                                  Cache-Control: public, max-age=604800
                                                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                                                  X-Cache-Info: L1_T2
                                                                                                                  X-Cache: TCP_HIT
                                                                                                                  Accept-Ranges: bytes


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  10 | 192.168.2.5 | 49765 | 13.107.246.40 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:12 UTC | 711 | OUT | GET /assets/domains_config_gz/2.8.76/asset?assetgroup=EntityExtractionDomainsConfig HTTP/1.1
                                                                                                                  Host: edgeassetservice.azureedge.net
                                                                                                                  Connection: keep-alive
                                                                                                                  Edge-Asset-Group: EntityExtractionDomainsConfig
                                                                                                                  Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                                                                                  Sec-Mesh-Client-Edge-Channel: stable
                                                                                                                  Sec-Mesh-Client-OS: Windows
                                                                                                                  Sec-Mesh-Client-OS-Version: 10.0.19045
                                                                                                                  Sec-Mesh-Client-Arch: x86_64
                                                                                                                  Sec-Mesh-Client-WebView: 0
                                                                                                                  Sec-Fetch-Site: none
                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                  2024-09-06 11:54:13 UTC | 562 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:12 GMT
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Content-Length: 70207
                                                                                                                  Connection: close
                                                                                                                  Content-Encoding: gzip
                                                                                                                  Last-Modified: Fri, 02 Aug 2024 18:10:35 GMT
                                                                                                                  ETag: 0x8DCB31E67C22927
                                                                                                                  x-ms-request-id: ed2d6e16-301e-006f-0748-ffc0d3000000
                                                                                                                  x-ms-version: 2009-09-19
                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                  x-azure-ref: 20240906T115412Z-16579567576h9nndaeer0cv35w0000000dug000000001b8k
                                                                                                                  Cache-Control: public, max-age=604800
                                                                                                                  x-fd-int-roxy-purgeid: 69316365
                                                                                                                  X-Cache: TCP_HIT
                                                                                                                  Accept-Ranges: bytes


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  11 | 192.168.2.5 | 49772 | 142.251.40.110 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:13 UTC | 561 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                                                  Host: play.google.com
                                                                                                                  Connection: keep-alive
                                                                                                                  Accept: */*
                                                                                                                  Access-Control-Request-Method: POST
                                                                                                                  Access-Control-Request-Headers: x-goog-authuser
                                                                                                                  Origin: https://accounts.google.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                  Sec-Fetch-Site: same-site
                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                  Referer: https://accounts.google.com/
                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                  2024-09-06 11:54:13 UTC | 520 | IN | HTTP/1.1 200 OK
                                                                                                                  Access-Control-Allow-Origin: https://accounts.google.com
                                                                                                                  Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                  Access-Control-Max-Age: 86400
                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                  Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                                                                  Content-Type: text/plain; charset=UTF-8
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:13 GMT
                                                                                                                  Server: Playlog
                                                                                                                  Content-Length: 0
                                                                                                                  X-XSS-Protection: 0
                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                  Connection: close


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  12 | 192.168.2.5 | 49771 | 142.251.40.110 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:13 UTC | 561 | OUT | OPTIONS /log?format=json&hasfast=true&authuser=0 HTTP/1.1
                                                                                                                  Host: play.google.com
                                                                                                                  Connection: keep-alive
                                                                                                                  Accept: */*
                                                                                                                  Access-Control-Request-Method: POST
                                                                                                                  Access-Control-Request-Headers: x-goog-authuser
                                                                                                                  Origin: https://accounts.google.com
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                  Sec-Fetch-Mode: cors
                                                                                                                  Sec-Fetch-Site: same-site
                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                  Referer: https://accounts.google.com/
                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                  2024-09-06 11:54:13 UTC | 520 | IN | HTTP/1.1 200 OK
                                                                                                                  Access-Control-Allow-Origin: https://accounts.google.com
                                                                                                                  Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                  Access-Control-Max-Age: 86400
                                                                                                                  Access-Control-Allow-Credentials: true
                                                                                                                  Access-Control-Allow-Headers: X-Playlog-Web,authorization,origin,x-goog-authuser
                                                                                                                  Content-Type: text/plain; charset=UTF-8
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:13 GMT
                                                                                                                  Server: Playlog
                                                                                                                  Content-Length: 0
                                                                                                                  X-XSS-Protection: 0
                                                                                                                  X-Frame-Options: SAMEORIGIN
                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                  Connection: close


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  13 | 192.168.2.5 | 49774 | 13.107.246.40 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:13 UTC | 438 | OUT | GET /assets/edge_hub_apps_action_center_maximal_light.png/1.2.1/asset HTTP/1.1
                                                                                                                  Host: edgeassetservice.azureedge.net
                                                                                                                  Connection: keep-alive
                                                                                                                  Sec-Fetch-Site: none
                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                  2024-09-06 11:54:14 UTC | 543 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:13 GMT
                                                                                                                  Content-Type: image/png
                                                                                                                  Content-Length: 1579
                                                                                                                  Connection: close
                                                                                                                  Last-Modified: Fri, 03 Nov 2023 21:43:08 GMT
                                                                                                                  ETag: 0x8DBDCB5DE99522A
                                                                                                                  x-ms-request-id: b82236bc-001e-000a-3bd3-ff718e000000
                                                                                                                  x-ms-version: 2009-09-19
                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                  x-azure-ref: 20240906T115413Z-16579567576phhfj0h0z9mnmag0000000dsg00000000611r
                                                                                                                  Cache-Control: public, max-age=604800
                                                                                                                  x-fd-int-roxy-purgeid: 69316365
                                                                                                                  X-Cache: TCP_HIT
                                                                                                                  X-Cache-Info: L1_T2
                                                                                                                  Accept-Ranges: bytes


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  14 | 192.168.2.5 | 49780 | 142.251.41.4 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:14 UTC | 881 | OUT | GET /favicon.ico HTTP/1.1
                                                                                                                  Host: www.google.com
                                                                                                                  Connection: keep-alive
                                                                                                                  sec-ch-ua: "Not;A=Brand";v="8", "Chromium";v="117", "Google Chrome";v="117"
                                                                                                                  sec-ch-ua-mobile: ?0
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
                                                                                                                  sec-ch-ua-arch: "x86"
                                                                                                                  sec-ch-ua-full-version: "117.0.5938.132"
                                                                                                                  sec-ch-ua-platform-version: "10.0.0"
                                                                                                                  sec-ch-ua-full-version-list: "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132", "Google Chrome";v="117.0.5938.132"
                                                                                                                  sec-ch-ua-bitness: "64"
                                                                                                                  sec-ch-ua-model: ""
                                                                                                                  sec-ch-ua-wow64: ?0
                                                                                                                  sec-ch-ua-platform: "Windows"
                                                                                                                  Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                  Sec-Fetch-Site: same-site
                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                  Sec-Fetch-Dest: image
                                                                                                                  Referer: https://accounts.google.com/
                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                  2024-09-06 11:54:14 UTC | 705 | IN | HTTP/1.1 200 OK
                                                                                                                  Accept-Ranges: bytes
                                                                                                                  Cross-Origin-Resource-Policy: cross-origin
                                                                                                                  Cross-Origin-Opener-Policy-Report-Only: same-origin; report-to="static-on-bigtable"
                                                                                                                  Report-To: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
                                                                                                                  Content-Length: 5430
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  Server: sffe
                                                                                                                  X-XSS-Protection: 0
                                                                                                                  Date: Fri, 06 Sep 2024 11:09:08 GMT
                                                                                                                  Expires: Sat, 14 Sep 2024 11:09:08 GMT
                                                                                                                  Cache-Control: public, max-age=691200
                                                                                                                  Last-Modified: Tue, 22 Oct 2019 18:30:00 GMT
                                                                                                                  Content-Type: image/x-icon
                                                                                                                  Vary: Accept-Encoding
                                                                                                                  Age: 2706
                                                                                                                  Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                  Connection: close


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  15 | 192.168.2.5 | 49778 | 13.107.246.40 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:14 UTC | 431 | OUT | GET /assets/edge_hub_apps_search_maximal_light.png/1.3.6/asset HTTP/1.1
                                                                                                                  Host: edgeassetservice.azureedge.net
                                                                                                                  Connection: keep-alive
                                                                                                                  Sec-Fetch-Site: none
                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                  2024-09-06 11:54:14 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:14 GMT
                                                                                                                  Content-Type: image/png
                                                                                                                  Content-Length: 1966
                                                                                                                  Connection: close
                                                                                                                  Last-Modified: Fri, 03 Nov 2023 21:43:31 GMT
                                                                                                                  ETag: 0x8DBDCB5EC122A94
                                                                                                                  x-ms-request-id: 25350ece-301e-002b-08d4-fa1cbf000000
                                                                                                                  x-ms-version: 2009-09-19
                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                  x-azure-ref: 20240906T115414Z-16579567576l8zffr7mt4xy2un0000000de000000000f7kf
                                                                                                                  Cache-Control: public, max-age=604800
                                                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                                                  X-Cache-Info: L1_T2
                                                                                                                  X-Cache: TCP_HIT
                                                                                                                  Accept-Ranges: bytes


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  16 | 192.168.2.5 | 49779 | 13.107.246.40 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:14 UTC | 433 | OUT | GET /assets/edge_hub_apps_shopping_maximal_light.png/1.4.0/asset HTTP/1.1
                                                                                                                  Host: edgeassetservice.azureedge.net
                                                                                                                  Connection: keep-alive
                                                                                                                  Sec-Fetch-Site: none
                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                  2024-09-06 11:54:14 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:14 GMT
                                                                                                                  Content-Type: image/png
                                                                                                                  Content-Length: 1751
                                                                                                                  Connection: close
                                                                                                                  Last-Modified: Tue, 17 Oct 2023 00:34:33 GMT
                                                                                                                  ETag: 0x8DBCEA8D5AACC85
                                                                                                                  x-ms-request-id: 1e6d2d82-a01e-0061-7c30-fe2cd8000000
                                                                                                                  x-ms-version: 2009-09-19
                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                  x-azure-ref: 20240906T115414Z-16579567576w5bqfyu10zdac7g0000000dqg000000003cr1
                                                                                                                  Cache-Control: public, max-age=604800
                                                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                                                  X-Cache-Info: L1_T2
                                                                                                                  X-Cache: TCP_HIT
                                                                                                                  Accept-Ranges: bytes


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  17 | 192.168.2.5 | 49777 | 13.107.246.40 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:14 UTC | 433 | OUT | GET /assets/edge_hub_apps_toolbox_maximal_light.png/1.5.13/asset HTTP/1.1
                                                                                                                  Host: edgeassetservice.azureedge.net
                                                                                                                  Connection: keep-alive
                                                                                                                  Sec-Fetch-Site: none
                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                  2024-09-06 11:54:14 UTC | 536 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:14 GMT
                                                                                                                  Content-Type: image/png
                                                                                                                  Content-Length: 1427
                                                                                                                  Connection: close
                                                                                                                  Last-Modified: Fri, 03 Nov 2023 21:43:36 GMT
                                                                                                                  ETag: 0x8DBDCB5EF021F8E
                                                                                                                  x-ms-request-id: 493a985f-801e-0076-6330-feecbb000000
                                                                                                                  x-ms-version: 2009-09-19
                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                  x-azure-ref: 20240906T115414Z-16579567576txfkctmnqv2e9c40000000dfg00000000dy99
                                                                                                                  Cache-Control: public, max-age=604800
                                                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                                                  X-Cache-Info: L1_T2
                                                                                                                  X-Cache: TCP_HIT
                                                                                                                  Accept-Ranges: bytes


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  18 | 192.168.2.5 | 49776 | 13.107.246.40 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:14 UTC | 430 | OUT | GET /assets/edge_hub_apps_games_maximal_light.png/1.7.1/asset HTTP/1.1
                                                                                                                  Host: edgeassetservice.azureedge.net
                                                                                                                  Connection: keep-alive
                                                                                                                  Sec-Fetch-Site: none
                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                  2024-09-06 11:54:14 UTC | 522 | IN | HTTP/1.1 200 OK
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:14 GMT
                                                                                                                  Content-Type: image/png
                                                                                                                  Content-Length: 2008
                                                                                                                  Connection: close
                                                                                                                  Last-Modified: Tue, 10 Oct 2023 17:24:26 GMT
                                                                                                                  ETag: 0x8DBC9B5C0C17219
                                                                                                                  x-ms-request-id: 99f39b71-d01e-004c-0354-ffaf18000000
                                                                                                                  x-ms-version: 2009-09-19
                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                  x-azure-ref: 20240906T115414Z-16579567576pgh4h94c7qn0kuc0000000dxg0000000025h2
                                                                                                                  Cache-Control: public, max-age=604800
                                                                                                                  x-fd-int-roxy-purgeid: 69316365
                                                                                                                  X-Cache: TCP_HIT
                                                                                                                  Accept-Ranges: bytes


                                                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                  19 | 192.168.2.5 | 49775 | 13.107.246.40 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                                                  2024-09-06 11:54:14 UTC | 422 | OUT | GET /assets/edge_hub_apps_M365_light.png/1.7.32/asset HTTP/1.1
                                                                                                                  Host: edgeassetservice.azureedge.net
                                                                                                                  Connection: keep-alive
                                                                                                                  Sec-Fetch-Site: none
                                                                                                                  Sec-Fetch-Mode: no-cors
                                                                                                                  Sec-Fetch-Dest: empty
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                  2024-09-06 11:54:14 UTC515INHTTP/1.1 200 OK
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:14 GMT
                                                                                                                  Content-Type: image/png
                                                                                                                  Content-Length: 2229
                                                                                                                  Connection: close
                                                                                                                  Last-Modified: Wed, 25 Oct 2023 19:48:24 GMT
                                                                                                                  ETag: 0x8DBD59359A9E77B
                                                                                                                  x-ms-request-id: 453f1ddb-801e-005f-6ffe-fa9af9000000
                                                                                                                  x-ms-version: 2009-09-19
                                                                                                                  x-ms-lease-status: unlocked
                                                                                                                  x-ms-blob-type: BlockBlob
                                                                                                                  x-azure-ref: 20240906T115414Z-16579567576txfkctmnqv2e9c40000000dgg00000000bw17
                                                                                                                  Cache-Control: public, max-age=604800
                                                                                                                  x-fd-int-roxy-purgeid: 0
                                                                                                                  X-Cache: TCP_HIT
                                                                                                                  Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.5 | 49784 | 13.107.246.40 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-06 11:54:14 UTC | 425 | OUT | GET /assets/edge_hub_apps_outlook_light.png/1.9.10/asset HTTP/1.1
Host: edgeassetservice.azureedge.net
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 11:54:14 UTC | 522 | IN | HTTP/1.1 200 OK
Date: Fri, 06 Sep 2024 11:54:14 GMT
Content-Type: image/png
Content-Length: 1154
Connection: close
Last-Modified: Wed, 25 Oct 2023 19:48:30 GMT
ETag: 0x8DBD5935D5B3965
x-ms-request-id: d980f417-701e-004a-5a07-ff5860000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20240906T115414Z-165795675767hwjqv3v00bvq340000000dyg000000007fcm
Cache-Control: public, max-age=604800
x-fd-int-roxy-purgeid: 69316365
X-Cache: TCP_HIT
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.5 | 49785 | 13.107.246.40 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-06 11:54:15 UTC | 431 | OUT | GET /assets/edge_hub_apps_edrop_maximal_light.png/1.1.12/asset HTTP/1.1
Host: edgeassetservice.azureedge.net
Connection: keep-alive
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 11:54:15 UTC | 543 | IN | HTTP/1.1 200 OK
Date: Fri, 06 Sep 2024 11:54:15 GMT
Content-Type: image/png
Content-Length: 1468
Connection: close
Last-Modified: Fri, 03 Nov 2023 21:43:14 GMT
ETag: 0x8DBDCB5E23DFC43
x-ms-request-id: f8a0931b-601e-0038-3afc-fe295e000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20240906T115415Z-16579567576p25xcxh3nycmsaw0000000dcg00000000muku
Cache-Control: public, max-age=604800
x-fd-int-roxy-purgeid: 69316365
X-Cache: TCP_HIT
X-Cache-Info: L1_T2
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.5 | 49787 | 13.107.246.40 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-06 11:54:15 UTC | 478 | OUT | GET /assets/product_category_en/1.0.0/asset?assetgroup=ProductCategories HTTP/1.1
Host: edgeassetservice.azureedge.net
Connection: keep-alive
Edge-Asset-Group: ProductCategories
Sec-Fetch-Site: none
Sec-Fetch-Mode: no-cors
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 11:54:15 UTC | 538 | IN | HTTP/1.1 200 OK
Date: Fri, 06 Sep 2024 11:54:15 GMT
Content-Type: application/octet-stream
Content-Length: 82989
Connection: close
Last-Modified: Thu, 25 May 2023 20:28:02 GMT
ETag: 0x8DB5D5E89CE25EB
x-ms-request-id: f9285315-801e-0010-24d3-ff5ee1000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
x-azure-ref: 20240906T115415Z-16579567576l4p9bs8an1npq1n0000000dhg00000000f8vs
Cache-Control: public, max-age=604800
x-fd-int-roxy-purgeid: 69316365
X-Cache: TCP_HIT
Accept-Ranges: bytes


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.5 | 49790 | 40.68.123.157 | 443 | |
Timestamp | Bytes transferred | Direction | Data
2024-09-06 11:54:20 UTC | 306 | OUT | GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=g+bxnzvDf8MUwhx&MD=f5ZWrhTL HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
Host: slscr.update.microsoft.com
2024-09-06 11:54:21 UTC | 560 | IN | HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/octet-stream
Expires: -1
Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880"
MS-CorrelationId: c55743e5-6a6e-462d-bda0-057723308c9c
MS-RequestId: 1fc965e3-8660-4370-855b-889189211340
MS-CV: f1cX6gBASUSH2VL3.0
X-Microsoft-SLSClientCache: 2880
Content-Disposition: attachment; filename=environment.cab
X-Content-Type-Options: nosniff
Date: Fri, 06 Sep 2024 11:54:19 GMT
Connection: close
Content-Length: 24490


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.5 | 49820 | 40.68.123.157 | 443
Timestamp | Bytes transferred | Direction | Data
2024-09-06 11:54:59 UTC | 306 | OUT | GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=g+bxnzvDf8MUwhx&MD=f5ZWrhTL HTTP/1.1
                                                                                                                  Connection: Keep-Alive
                                                                                                                  Accept: */*
                                                                                                                  User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
                                                                                                                  Host: slscr.update.microsoft.com
2024-09-06 11:54:59 UTC | 560 | IN | HTTP/1.1 200 OK
                                                                                                                  Cache-Control: no-cache
                                                                                                                  Pragma: no-cache
                                                                                                                  Content-Type: application/octet-stream
                                                                                                                  Expires: -1
                                                                                                                  Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT
                                                                                                                  ETag: "vic+p1MiJJ+/WMnK08jaWnCBGDfvkGRzPk9f8ZadQHg=_1440"
                                                                                                                  MS-CorrelationId: e01f92e5-816e-4e6c-b150-f0af685c9bfc
                                                                                                                  MS-RequestId: c8555cdc-4d89-469f-9ae6-56828808a736
                                                                                                                  MS-CV: Ww22ghuuxUawlh8L.0
                                                                                                                  X-Microsoft-SLSClientCache: 1440
                                                                                                                  Content-Disposition: attachment; filename=environment.cab
                                                                                                                  X-Content-Type-Options: nosniff
                                                                                                                  Date: Fri, 06 Sep 2024 11:54:59 GMT
                                                                                                                  Connection: close
                                                                                                                  Content-Length: 30005


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.5 | 49824 | 23.55.235.170 | 443 | 7576 | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Timestamp | Bytes transferred | Direction | Data
2024-09-06 11:55:07 UTC | 442 | OUT | OPTIONS /api/report?cat=bingbusiness HTTP/1.1
                                                                                                                  Host: bzib.nelreports.net
                                                                                                                  Connection: keep-alive
                                                                                                                  Origin: https://business.bing.com
                                                                                                                  Access-Control-Request-Method: POST
                                                                                                                  Access-Control-Request-Headers: content-type
                                                                                                                  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                  Accept-Encoding: gzip, deflate, br
                                                                                                                  Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
2024-09-06 11:55:07 UTC | 352 | IN | HTTP/1.1 403 Forbidden
                                                                                                                  Content-Length: 2342
                                                                                                                  Content-Type: text/html
                                                                                                                  Date: Fri, 06 Sep 2024 11:55:07 GMT
                                                                                                                  Connection: close
                                                                                                                  PMUSER_FORMAT_QS:
                                                                                                                  X-CDN-TraceId: 0.65a13617.1725623707.22a61c58
                                                                                                                  Access-Control-Allow-Credentials: false
                                                                                                                  Access-Control-Allow-Methods: *
                                                                                                                  Access-Control-Allow-Methods: GET, OPTIONS, POST
                                                                                                                  Access-Control-Allow-Origin: *
2024-09-06 11:55:07 UTC | 1938 | IN | Data Ascii: <!DOCTYPE html><html><head> <title>Web App - Unavailable</title> <style type="text/css"> html { height: 100%; width: 100%; } #feature { width: 960px; margin: 95
2024-09-06 11:55:07 UTC | 404 | IN | Data Ascii: t again soon.</p> <p id="toAdmin">If you are the web app administrator, please find the common 403 error scenarios and resolution <a href="https://go.microsoft.com/fwlink/?linkid=2095007" target="_blank">here</a>. For further troubleshoot



                                                                                                                  Target ID:0
                                                                                                                  Start time:07:54:01
                                                                                                                  Start date:06/09/2024
                                                                                                                  Path:C:\Users\user\Desktop\file.exe
                                                                                                                  Wow64 process (32bit):true
                                                                                                                  Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                  Imagebase:0xca0000
                                                                                                                  File size:917'504 bytes
                                                                                                                  MD5 hash:11BD4625B4C8F650D10BC4D758DC2F2D
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:low
                                                                                                                  Has exited:true

                                                                                                                  Target ID:1
                                                                                                                  Start time:07:54:01
                                                                                                                  Start date:06/09/2024
                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                  File size:4'210'216 bytes
                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:true

                                                                                                                  Target ID:3
                                                                                                                  Start time:07:54:01
                                                                                                                  Start date:06/09/2024
                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                                                  Imagebase:0x7ff79f9e0000
                                                                                                                  File size:676'768 bytes
                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:4
                                                                                                                  Start time:07:54:01
                                                                                                                  Start date:06/09/2024
                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd --attempting-deelevation
                                                                                                                  Imagebase:0x7ff79f9e0000
                                                                                                                  File size:676'768 bytes
                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:true

                                                                                                                  Target ID:5
                                                                                                                  Start time:07:54:01
                                                                                                                  Start date:06/09/2024
                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                                                  Imagebase:0x7ff79f9e0000
                                                                                                                  File size:676'768 bytes
                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:false

                                                                                                                  Target ID:7
                                                                                                                  Start time:07:54:02
                                                                                                                  Start date:06/09/2024
                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=2036,i,11203481130552999649,2043710382605109733,262144 /prefetch:3
                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                  File size:4'210'216 bytes
                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                  Has elevated privileges:true
                                                                                                                  Has administrator privileges:true
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:true

                                                                                                                  Target ID:8
                                                                                                                  Start time:07:54:02
                                                                                                                  Start date:06/09/2024
                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --flag-switches-begin --flag-switches-end --disable-nacl --do-not-de-elevate https://accounts.google.com/ServiceLogin?service=accountsettings&continue=https://accounts.google.com/v3/signin/challenge/pwd
                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                  File size:4'210'216 bytes
                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:false

                                                                                                                  Target ID:9
                                                                                                                  Start time:07:54:03
                                                                                                                  Start date:06/09/2024
                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:3
                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                  File size:4'210'216 bytes
                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:false

                                                                                                                  Target ID:10
                                                                                                                  Start time:07:54:03
                                                                                                                  Start date:06/09/2024
                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2256 -parentBuildID 20230927232528 -prefsHandle 2188 -prefMapHandle 2180 -prefsLen 25308 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dec7774c-fda2-40d6-963f-1a0f505464f8} 3176 "\\.\pipe\gecko-crash-server-pipe.3176" 164e0c6db10 socket
                                                                                                                  Imagebase:0x7ff79f9e0000
                                                                                                                  File size:676'768 bytes
                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:false

                                                                                                                  Target ID:14
                                                                                                                  Start time:07:54:08
                                                                                                                  Start date:06/09/2024
                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-GB --service-sandbox-type=asset_store_service --mojo-platform-channel-handle=6664 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8
                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                  File size:4'210'216 bytes
                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:true

                                                                                                                  Target ID:15
                                                                                                                  Start time:07:54:08
                                                                                                                  Start date:06/09/2024
                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-GB --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --mojo-platform-channel-handle=6816 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8
                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                  File size:4'210'216 bytes
                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:moderate
                                                                                                                  Has exited:true

                                                                                                                  Target ID:16
                                                                                                                  Start time:07:54:08
                                                                                                                  Start date:06/09/2024
                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4624 -parentBuildID 20230927232528 -prefsHandle 4612 -prefMapHandle 4608 -prefsLen 30974 -prefMapSize 237879 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2838e6d-0a58-45e2-9f14-197d166c90c2} 3176 "\\.\pipe\gecko-crash-server-pipe.3176" 164fa9f8e10 rdd
                                                                                                                  Imagebase:0x7ff79f9e0000
                                                                                                                  File size:676'768 bytes
                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Reputation:high
                                                                                                                  Has exited:false

                                                                                                                  Target ID:17
                                                                                                                  Start time:07:54:11
                                                                                                                  Start date:06/09/2024
                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-GB --service-sandbox-type=audio --mojo-platform-channel-handle=6564 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8
                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                  File size:4'210'216 bytes
                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  Target ID:18
                                                                                                                  Start time:07:54:12
                                                                                                                  Start date:06/09/2024
                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-GB --service-sandbox-type=none --mojo-platform-channel-handle=7124 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8
                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                  File size:4'210'216 bytes
                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:19
                                                                                                                  Start time:07:54:12
                                                                                                                  Start date:06/09/2024
                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=price_comparison_service.mojom.DataProcessor --lang=en-GB --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=7828 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8
                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                  File size:4'210'216 bytes
                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:true

                                                                                                                  Target ID:21
                                                                                                                  Start time:07:54:19
                                                                                                                  Start date:06/09/2024
                                                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5028 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5036 -prefMapHandle 5040 -prefsLen 33119 -prefMapSize 237879 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdbcea3d-74cd-4886-9c0a-73c063685dc1} 3176 "\\.\pipe\gecko-crash-server-pipe.3176" 164fb965310 utility
                                                                                                                  Imagebase:0x7ff79f9e0000
                                                                                                                  File size:676'768 bytes
                                                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false

                                                                                                                  Target ID:24
                                                                                                                  Start time:07:55:03
                                                                                                                  Start date:06/09/2024
                                                                                                                  Path:C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  Wow64 process (32bit):false
                                                                                                                  Commandline:"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-GB --service-sandbox-type=search_indexer --message-loop-type-ui --mojo-platform-channel-handle=6820 --field-trial-handle=2100,i,15410755278528178955,166042639193215713,262144 /prefetch:8
                                                                                                                  Imagebase:0x7ff6c1cf0000
                                                                                                                  File size:4'210'216 bytes
                                                                                                                  MD5 hash:69222B8101B0601CC6663F8381E7E00F
                                                                                                                  Has elevated privileges:false
                                                                                                                  Has administrator privileges:false
                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                  Has exited:false


                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:1.9%
                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                    Signature Coverage:4.6%
                                                                                                                    Total number of Nodes:1426
                                                                                                                    Total number of Limit Nodes:40
96900 ce3127 96898->96900 96899 ca341e __fread_nolock 96899->96852 96901 cbfe0b 22 API calls 96900->96901 96902 ce3157 __fread_nolock 96901->96902 96905 caa59d 96903->96905 96907 caa598 __fread_nolock 96903->96907 96904 cef80f 96905->96904 96906 cbfe0b 22 API calls 96905->96906 96906->96907 96907->96899 96908 ce2402 96911 ca1410 96908->96911 96912 ca144f mciSendStringW 96911->96912 96913 ce24b8 DestroyWindow 96911->96913 96914 ca146b 96912->96914 96915 ca16c6 96912->96915 96925 ce24c4 96913->96925 96916 ca1479 96914->96916 96914->96925 96915->96914 96917 ca16d5 UnregisterHotKey 96915->96917 96944 ca182e 96916->96944 96917->96915 96919 ce24d8 96919->96925 96950 ca6246 CloseHandle 96919->96950 96920 ce24e2 FindClose 96920->96925 96922 ce2509 96926 ce252d 96922->96926 96927 ce251c FreeLibrary 96922->96927 96924 ca148e 96924->96926 96934 ca149c 96924->96934 96925->96919 96925->96920 96925->96922 96928 ce2541 VirtualFree 96926->96928 96935 ca1509 96926->96935 96927->96922 96928->96926 96929 ca14f8 OleUninitialize 96929->96935 96930 ce2589 96937 ce2598 ISource 96930->96937 96951 d132eb 6 API calls ISource 96930->96951 96931 ca1514 96932 ca1524 96931->96932 96948 ca1944 VirtualFreeEx CloseHandle 96932->96948 96934->96929 96935->96930 96935->96931 96940 ce2627 96937->96940 96952 d064d4 22 API calls ISource 96937->96952 96939 ca153a 96939->96937 96941 ca161f 96939->96941 96940->96940 96941->96940 96949 ca1876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 96941->96949 96943 ca16c1 96946 ca183b 96944->96946 96945 ca1480 96945->96922 96945->96924 96946->96945 96953 d0702a 22 API calls 96946->96953 96948->96939 96949->96943 96950->96919 96951->96930 96952->96937 96953->96946 96954 ca1044 96959 ca10f3 96954->96959 96956 ca104a 96995 cc00a3 29 API calls __onexit 96956->96995 96958 ca1054 96996 ca1398 96959->96996 96963 ca116a 96964 caa961 22 API calls 96963->96964 96965 ca1174 96964->96965 96966 caa961 22 API calls 96965->96966 96967 ca117e 96966->96967 
96968 caa961 22 API calls 96967->96968 96969 ca1188 96968->96969 96970 caa961 22 API calls 96969->96970 96971 ca11c6 96970->96971 96972 caa961 22 API calls 96971->96972 96973 ca1292 96972->96973 97006 ca171c 96973->97006 96977 ca12c4 96978 caa961 22 API calls 96977->96978 96979 ca12ce 96978->96979 97027 cb1940 96979->97027 96981 ca12f9 97037 ca1aab 96981->97037 96983 ca1315 96984 ca1325 GetStdHandle 96983->96984 96985 ce2485 96984->96985 96987 ca137a 96984->96987 96986 ce248e 96985->96986 96985->96987 96988 cbfddb 22 API calls 96986->96988 96989 ca1387 OleInitialize 96987->96989 96990 ce2495 96988->96990 96989->96956 97044 d1011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 96990->97044 96992 ce249e 97045 d10944 CreateThread 96992->97045 96994 ce24aa CloseHandle 96994->96987 96995->96958 97046 ca13f1 96996->97046 96999 ca13f1 22 API calls 97000 ca13d0 96999->97000 97001 caa961 22 API calls 97000->97001 97002 ca13dc 97001->97002 97003 ca6b57 22 API calls 97002->97003 97004 ca1129 97003->97004 97005 ca1bc3 6 API calls 97004->97005 97005->96963 97007 caa961 22 API calls 97006->97007 97008 ca172c 97007->97008 97009 caa961 22 API calls 97008->97009 97010 ca1734 97009->97010 97011 caa961 22 API calls 97010->97011 97012 ca174f 97011->97012 97013 cbfddb 22 API calls 97012->97013 97014 ca129c 97013->97014 97015 ca1b4a 97014->97015 97016 ca1b58 97015->97016 97017 caa961 22 API calls 97016->97017 97018 ca1b63 97017->97018 97019 caa961 22 API calls 97018->97019 97020 ca1b6e 97019->97020 97021 caa961 22 API calls 97020->97021 97022 ca1b79 97021->97022 97023 caa961 22 API calls 97022->97023 97024 ca1b84 97023->97024 97025 cbfddb 22 API calls 97024->97025 97026 ca1b96 RegisterWindowMessageW 97025->97026 97026->96977 97028 cb1981 97027->97028 97032 cb195d 97027->97032 97053 cc0242 5 API calls __Init_thread_wait 97028->97053 97031 cb198b 97031->97032 97054 cc01f8 EnterCriticalSection LeaveCriticalSection SetEvent 
ResetEvent 97031->97054 97036 cb196e 97032->97036 97055 cc0242 5 API calls __Init_thread_wait 97032->97055 97033 cb8727 97033->97036 97056 cc01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97033->97056 97036->96981 97038 ca1abb 97037->97038 97039 ce272d 97037->97039 97040 cbfddb 22 API calls 97038->97040 97057 d13209 23 API calls 97039->97057 97042 ca1ac3 97040->97042 97042->96983 97043 ce2738 97044->96992 97045->96994 97058 d1092a 28 API calls 97045->97058 97047 caa961 22 API calls 97046->97047 97048 ca13fc 97047->97048 97049 caa961 22 API calls 97048->97049 97050 ca1404 97049->97050 97051 caa961 22 API calls 97050->97051 97052 ca13c6 97051->97052 97052->96999 97053->97031 97054->97032 97055->97033 97056->97036 97057->97043 97059 cf2a00 97070 cad7b0 ISource 97059->97070 97060 cadb11 PeekMessageW 97060->97070 97061 cad807 GetInputState 97061->97060 97061->97070 97062 cad9d5 97063 cf1cbe TranslateAcceleratorW 97063->97070 97065 cadb8f PeekMessageW 97065->97070 97066 cada04 timeGetTime 97066->97070 97067 cadb73 TranslateMessage DispatchMessageW 97067->97065 97068 cadbaf Sleep 97071 cadbc0 97068->97071 97069 cf2b74 Sleep 97069->97071 97070->97060 97070->97061 97070->97062 97070->97063 97070->97065 97070->97066 97070->97067 97070->97068 97070->97069 97073 cf1dda timeGetTime 97070->97073 97091 cadd50 97070->97091 97098 cb1310 97070->97098 97150 cadfd0 185 API calls 3 library calls 97070->97150 97151 cabf40 97070->97151 97209 cbedf6 IsDialogMessageW GetClassLongW 97070->97209 97211 d13a2a 23 API calls 97070->97211 97212 caec40 97070->97212 97236 d1359c 82 API calls __wsopen_s 97070->97236 97071->97062 97071->97070 97072 cbe551 timeGetTime 97071->97072 97076 cf2c0b GetExitCodeProcess 97071->97076 97077 d329bf GetForegroundWindow 97071->97077 97081 cf2a31 97071->97081 97082 cf2ca9 Sleep 97071->97082 97237 d25658 23 API calls 97071->97237 97238 d0e97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 97071->97238 97239 
d0d4dc CreateToolhelp32Snapshot Process32FirstW 97071->97239 97072->97071 97210 cbe300 23 API calls 97073->97210 97079 cf2c37 CloseHandle 97076->97079 97080 cf2c21 WaitForSingleObject 97076->97080 97077->97071 97079->97071 97080->97070 97080->97079 97081->97062 97082->97070 97092 cadd6f 97091->97092 97093 cadd83 97091->97093 97249 cad260 97092->97249 97281 d1359c 82 API calls __wsopen_s 97093->97281 97095 cadd7a 97095->97070 97097 cf2f75 97097->97097 97099 cb17b0 97098->97099 97100 cb1376 97098->97100 97303 cc0242 5 API calls __Init_thread_wait 97099->97303 97102 cb1390 97100->97102 97103 cf6331 97100->97103 97107 cb1940 9 API calls 97102->97107 97104 cf633d 97103->97104 97308 d2709c 185 API calls 97103->97308 97104->97070 97106 cb17ba 97109 ca9cb3 22 API calls 97106->97109 97112 cb17fb 97106->97112 97108 cb13a0 97107->97108 97110 cb1940 9 API calls 97108->97110 97119 cb17d4 97109->97119 97111 cb13b6 97110->97111 97111->97112 97114 cb13ec 97111->97114 97113 cf6346 97112->97113 97115 cb182c 97112->97115 97309 d1359c 82 API calls __wsopen_s 97113->97309 97114->97113 97137 cb1408 __fread_nolock 97114->97137 97305 caaceb 23 API calls ISource 97115->97305 97118 cb1839 97306 cbd217 185 API calls 97118->97306 97304 cc01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 97119->97304 97122 cf636e 97310 d1359c 82 API calls __wsopen_s 97122->97310 97123 cb152f 97125 cb153c 97123->97125 97126 cf63d1 97123->97126 97128 cb1940 9 API calls 97125->97128 97312 d25745 54 API calls _wcslen 97126->97312 97130 cb1549 97128->97130 97129 cbfddb 22 API calls 97129->97137 97135 cb1940 9 API calls 97130->97135 97145 cb15c7 ISource 97130->97145 97131 cb1872 97307 cbfaeb 23 API calls 97131->97307 97132 cbfe0b 22 API calls 97132->97137 97133 cb171d 97133->97070 97140 cb1563 97135->97140 97137->97118 97137->97122 97137->97123 97137->97129 97137->97132 97138 caec40 185 API calls 97137->97138 97141 cf63b2 97137->97141 97137->97145 97138->97137 97139 cb167b ISource 97139->97133 97302 
cbce17 22 API calls ISource 97139->97302 97140->97145 97313 caa8c7 22 API calls __fread_nolock 97140->97313 97311 d1359c 82 API calls __wsopen_s 97141->97311 97143 cb1940 9 API calls 97143->97145 97145->97131 97145->97139 97145->97143 97289 d2a2ea 97145->97289 97294 d15c5a 97145->97294 97299 d2ac5b 97145->97299 97314 d1359c 82 API calls __wsopen_s 97145->97314 97150->97070 97379 caadf0 97151->97379 97153 cabf9d 97154 cabfa9 97153->97154 97155 cf04b6 97153->97155 97157 cf04c6 97154->97157 97158 cac01e 97154->97158 97398 d1359c 82 API calls __wsopen_s 97155->97398 97399 d1359c 82 API calls __wsopen_s 97157->97399 97384 caac91 97158->97384 97162 cac7da 97165 cbfe0b 22 API calls 97162->97165 97170 cac808 __fread_nolock 97165->97170 97167 cf04f5 97171 cf055a 97167->97171 97400 cbd217 185 API calls 97167->97400 97174 cbfe0b 22 API calls 97170->97174 97196 cac603 97171->97196 97401 d1359c 82 API calls __wsopen_s 97171->97401 97172 cbfddb 22 API calls 97207 cac039 ISource __fread_nolock 97172->97207 97173 caec40 185 API calls 97173->97207 97206 cac350 ISource __fread_nolock 97174->97206 97175 caaf8a 22 API calls 97175->97207 97176 d07120 22 API calls 97176->97207 97177 cf091a 97411 d13209 23 API calls 97177->97411 97180 cf08a5 97181 caec40 185 API calls 97180->97181 97182 cf08cf 97181->97182 97182->97196 97409 caa81b 41 API calls 97182->97409 97184 cf0591 97402 d1359c 82 API calls __wsopen_s 97184->97402 97188 cf08f6 97410 d1359c 82 API calls __wsopen_s 97188->97410 97190 cabbe0 40 API calls 97190->97207 97192 cac237 97193 cac253 97192->97193 97412 caa8c7 22 API calls __fread_nolock 97192->97412 97197 cf0976 97193->97197 97200 cac297 ISource 97193->97200 97194 cbfe0b 22 API calls 97194->97207 97196->97070 97413 caaceb 23 API calls ISource 97197->97413 97202 cf09bf 97200->97202 97395 caaceb 23 API calls ISource 97200->97395 97202->97196 97414 d1359c 82 API calls __wsopen_s 97202->97414 97203 cac335 97203->97202 97204 cac342 97203->97204 97396 caa704 22 API calls ISource 
97204->97396 97208 cac3ac 97206->97208 97397 cbce17 22 API calls ISource 97206->97397 97207->97162 97207->97167 97207->97170 97207->97171 97207->97172 97207->97173 97207->97175 97207->97176 97207->97177 97207->97180 97207->97184 97207->97188 97207->97190 97207->97192 97207->97194 97207->97196 97207->97202 97388 caad81 97207->97388 97403 d07099 22 API calls __fread_nolock 97207->97403 97404 d25745 54 API calls _wcslen 97207->97404 97405 cbaa42 22 API calls ISource 97207->97405 97406 d0f05c 40 API calls 97207->97406 97407 caa993 41 API calls 97207->97407 97408 caaceb 23 API calls ISource 97207->97408 97208->97070 97209->97070 97210->97070 97211->97070 97234 caec76 ISource 97212->97234 97213 cbfddb 22 API calls 97213->97234 97214 cc01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 97214->97234 97215 cafef7 97229 caed9d ISource 97215->97229 97427 caa8c7 22 API calls __fread_nolock 97215->97427 97218 cf4600 97218->97229 97426 caa8c7 22 API calls __fread_nolock 97218->97426 97219 cf4b0b 97429 d1359c 82 API calls __wsopen_s 97219->97429 97220 caa8c7 22 API calls 97220->97234 97226 cc0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 97226->97234 97227 cafbe3 97227->97229 97230 cf4bdc 97227->97230 97235 caf3ae ISource 97227->97235 97228 caa961 22 API calls 97228->97234 97229->97070 97430 d1359c 82 API calls __wsopen_s 97230->97430 97231 cc00a3 29 API calls pre_c_initialization 97231->97234 97233 cf4beb 97431 d1359c 82 API calls __wsopen_s 97233->97431 97234->97213 97234->97214 97234->97215 97234->97218 97234->97219 97234->97220 97234->97226 97234->97227 97234->97228 97234->97229 97234->97231 97234->97233 97234->97235 97424 cb01e0 185 API calls 2 library calls 97234->97424 97425 cb06a0 41 API calls ISource 97234->97425 97235->97229 97428 d1359c 82 API calls __wsopen_s 97235->97428 97236->97070 97237->97071 97238->97071 97432 d0def7 97239->97432 97241 d0d529 Process32NextW 97242 
d0d5db FindCloseChangeNotification 97241->97242 97246 d0d522 97241->97246 97242->97071 97243 caa961 22 API calls 97243->97246 97244 ca9cb3 22 API calls 97244->97246 97246->97241 97246->97242 97246->97243 97246->97244 97438 ca525f 22 API calls 97246->97438 97439 ca6350 22 API calls 97246->97439 97440 cbce60 41 API calls 97246->97440 97250 caec40 185 API calls 97249->97250 97270 cad29d 97250->97270 97251 cf1bc4 97288 d1359c 82 API calls __wsopen_s 97251->97288 97253 cad6d5 97255 cad30b ISource 97253->97255 97264 cbfe0b 22 API calls 97253->97264 97254 cad3c3 97254->97253 97256 cad3ce 97254->97256 97255->97095 97258 cbfddb 22 API calls 97256->97258 97257 cad5ff 97259 cf1bb5 97257->97259 97260 cad614 97257->97260 97268 cad3d5 __fread_nolock 97258->97268 97287 d25705 23 API calls 97259->97287 97263 cbfddb 22 API calls 97260->97263 97261 cad4b8 97265 cbfe0b 22 API calls 97261->97265 97273 cad46a 97263->97273 97264->97268 97276 cad429 ISource __fread_nolock 97265->97276 97266 cbfddb 22 API calls 97267 cad3f6 97266->97267 97267->97276 97282 cabec0 185 API calls 97267->97282 97268->97266 97268->97267 97269 cbfddb 22 API calls 97269->97270 97270->97251 97270->97253 97270->97254 97270->97255 97270->97261 97270->97269 97270->97276 97272 cf1ba4 97286 d1359c 82 API calls __wsopen_s 97272->97286 97273->97095 97276->97257 97276->97272 97276->97273 97277 cf1b7f 97276->97277 97279 cf1b5d 97276->97279 97283 ca1f6f 185 API calls 97276->97283 97285 d1359c 82 API calls __wsopen_s 97277->97285 97284 d1359c 82 API calls __wsopen_s 97279->97284 97281->97097 97282->97276 97283->97276 97284->97273 97285->97273 97286->97273 97287->97251 97288->97255 97315 ca7510 97289->97315 97292 d0d4dc 47 API calls 97293 d2a315 97292->97293 97293->97145 97295 ca7510 53 API calls 97294->97295 97296 d15c6d 97295->97296 97342 d0dbbe lstrlenW 97296->97342 97298 d15c77 97298->97145 97347 d2ad64 97299->97347 97301 d2ac6f 97301->97145 97302->97139 97303->97106 97304->97112 97305->97118 97306->97131 97307->97131 
97308->97104 97309->97145 97310->97145 97311->97145 97312->97140 97313->97145 97314->97145 97316 ca7525 97315->97316 97332 ca7522 97315->97332 97317 ca755b 97316->97317 97318 ca752d 97316->97318 97321 ca756d 97317->97321 97328 ce50f6 97317->97328 97330 ce500f 97317->97330 97338 cc51c6 26 API calls 97318->97338 97339 cbfb21 51 API calls 97321->97339 97322 ce510e 97322->97322 97324 ca753d 97325 cbfddb 22 API calls 97324->97325 97327 ca7547 97325->97327 97329 ca9cb3 22 API calls 97327->97329 97341 cc5183 26 API calls 97328->97341 97329->97332 97331 cbfe0b 22 API calls 97330->97331 97337 ce5088 97330->97337 97333 ce5058 97331->97333 97332->97292 97334 cbfddb 22 API calls 97333->97334 97335 ce507f 97334->97335 97336 ca9cb3 22 API calls 97335->97336 97336->97337 97340 cbfb21 51 API calls 97337->97340 97338->97324 97339->97324 97340->97328 97341->97322 97343 d0dc06 97342->97343 97344 d0dbdc GetFileAttributesW 97342->97344 97343->97298 97344->97343 97345 d0dbe8 FindFirstFileW 97344->97345 97345->97343 97346 d0dbf9 FindClose 97345->97346 97346->97343 97348 caa961 22 API calls 97347->97348 97350 d2ad77 ___scrt_fastfail 97348->97350 97349 d2adce 97352 d2adee 97349->97352 97355 ca7510 53 API calls 97349->97355 97350->97349 97351 ca7510 53 API calls 97350->97351 97354 d2adab 97351->97354 97353 d2ae3a 97352->97353 97356 ca7510 53 API calls 97352->97356 97359 d2ae4d ___scrt_fastfail 97353->97359 97378 cab567 39 API calls 97353->97378 97354->97349 97358 ca7510 53 API calls 97354->97358 97357 d2ade4 97355->97357 97366 d2ae04 97356->97366 97376 ca7620 22 API calls _wcslen 97357->97376 97361 d2adc4 97358->97361 97364 ca7510 53 API calls 97359->97364 97375 ca7620 22 API calls _wcslen 97361->97375 97365 d2ae85 ShellExecuteExW 97364->97365 97367 d2aeb0 97365->97367 97366->97353 97368 ca7510 53 API calls 97366->97368 97371 d2aec8 97367->97371 97372 d2af35 GetProcessId 97367->97372 97369 d2ae28 97368->97369 97369->97353 97377 caa8c7 22 API calls __fread_nolock 97369->97377 97371->97301 
97373 d2af48 97372->97373 97374 d2af58 CloseHandle 97373->97374 97374->97371 97375->97349 97376->97352 97377->97353 97378->97359 97380 caae01 97379->97380 97383 caae1c ISource 97379->97383 97381 caaec9 22 API calls 97380->97381 97382 caae09 CharUpperBuffW 97381->97382 97382->97383 97383->97153 97385 caacae 97384->97385 97386 caacd1 97385->97386 97415 d1359c 82 API calls __wsopen_s 97385->97415 97386->97207 97389 cefadb 97388->97389 97390 caad92 97388->97390 97391 cbfddb 22 API calls 97390->97391 97392 caad99 97391->97392 97416 caadcd 97392->97416 97395->97203 97396->97206 97397->97206 97398->97157 97399->97196 97400->97171 97401->97196 97402->97196 97403->97207 97404->97207 97405->97207 97406->97207 97407->97207 97408->97207 97409->97188 97410->97196 97411->97192 97412->97193 97413->97202 97414->97196 97415->97386 97419 caaddd 97416->97419 97417 caadb6 97417->97207 97418 cbfddb 22 API calls 97418->97419 97419->97417 97419->97418 97420 caa961 22 API calls 97419->97420 97422 caadcd 22 API calls 97419->97422 97423 caa8c7 22 API calls __fread_nolock 97419->97423 97420->97419 97422->97419 97423->97419 97424->97234 97425->97234 97426->97229 97427->97229 97428->97229 97429->97229 97430->97233 97431->97229 97433 d0df02 97432->97433 97434 d0df19 97433->97434 97437 d0df1f 97433->97437 97441 cc63b2 GetStringTypeW _strftime 97433->97441 97442 cc62fb 39 API calls _strftime 97434->97442 97437->97246 97438->97246 97439->97246 97440->97246 97441->97433 97442->97437 97443 cd8402 97448 cd81be 97443->97448 97446 cd842a 97453 cd81ef try_get_first_available_module 97448->97453 97450 cd83ee 97467 cd27ec 26 API calls __cftof 97450->97467 97452 cd8343 97452->97446 97460 ce0984 97452->97460 97453->97453 97456 cd8338 97453->97456 97463 cc8e0b 40 API calls 2 library calls 97453->97463 97455 cd838c 97455->97456 97464 cc8e0b 40 API calls 2 library calls 97455->97464 97456->97452 97466 ccf2d9 20 API calls __dosmaperr 97456->97466 97458 cd83ab 97458->97456 97465 cc8e0b 40 API calls 2 library 
calls 97458->97465 97468 ce0081 97460->97468 97462 ce099f 97462->97446 97463->97455 97464->97458 97465->97456 97466->97450 97467->97452 97471 ce008d __FrameHandler3::FrameUnwindToState 97468->97471 97469 ce009b 97526 ccf2d9 20 API calls __dosmaperr 97469->97526 97471->97469 97473 ce00d4 97471->97473 97472 ce00a0 97527 cd27ec 26 API calls __cftof 97472->97527 97479 ce065b 97473->97479 97478 ce00aa __wsopen_s 97478->97462 97529 ce042f 97479->97529 97482 ce068d 97561 ccf2c6 20 API calls __dosmaperr 97482->97561 97483 ce06a6 97547 cd5221 97483->97547 97486 ce06ab 97487 ce06cb 97486->97487 97488 ce06b4 97486->97488 97560 ce039a CreateFileW 97487->97560 97563 ccf2c6 20 API calls __dosmaperr 97488->97563 97492 ce00f8 97528 ce0121 LeaveCriticalSection __wsopen_s 97492->97528 97493 ce06b9 97564 ccf2d9 20 API calls __dosmaperr 97493->97564 97494 ce0781 GetFileType 97497 ce078c GetLastError 97494->97497 97498 ce07d3 97494->97498 97496 ce0756 GetLastError 97566 ccf2a3 20 API calls __dosmaperr 97496->97566 97567 ccf2a3 20 API calls __dosmaperr 97497->97567 97569 cd516a 21 API calls 2 library calls 97498->97569 97499 ce0692 97562 ccf2d9 20 API calls __dosmaperr 97499->97562 97500 ce0704 97500->97494 97500->97496 97565 ce039a CreateFileW 97500->97565 97504 ce079a CloseHandle 97504->97499 97507 ce07c3 97504->97507 97506 ce0749 97506->97494 97506->97496 97568 ccf2d9 20 API calls __dosmaperr 97507->97568 97509 ce07f4 97511 ce0840 97509->97511 97570 ce05ab 72 API calls 3 library calls 97509->97570 97510 ce07c8 97510->97499 97515 ce086d 97511->97515 97571 ce014d 72 API calls 4 library calls 97511->97571 97514 ce0866 97514->97515 97516 ce087e 97514->97516 97517 cd86ae __wsopen_s 29 API calls 97515->97517 97516->97492 97518 ce08fc CloseHandle 97516->97518 97517->97492 97572 ce039a CreateFileW 97518->97572 97520 ce0927 97521 ce095d 97520->97521 97522 ce0931 GetLastError 97520->97522 97521->97492 97573 ccf2a3 20 API calls __dosmaperr 97522->97573 97524 ce093d 97574 cd5333 21 API calls 2 
library calls 97524->97574 97526->97472 97527->97478 97528->97478 97530 ce046a 97529->97530 97531 ce0450 97529->97531 97575 ce03bf 97530->97575 97531->97530 97582 ccf2d9 20 API calls __dosmaperr 97531->97582 97534 ce045f 97583 cd27ec 26 API calls __cftof 97534->97583 97536 ce04a2 97537 ce04d1 97536->97537 97584 ccf2d9 20 API calls __dosmaperr 97536->97584 97542 ce0524 97537->97542 97586 ccd70d 26 API calls 2 library calls 97537->97586 97540 ce051f 97540->97542 97543 ce059e 97540->97543 97541 ce04c6 97585 cd27ec 26 API calls __cftof 97541->97585 97542->97482 97542->97483 97587 cd27fc 11 API calls _abort 97543->97587 97546 ce05aa 97548 cd522d __FrameHandler3::FrameUnwindToState 97547->97548 97590 cd2f5e EnterCriticalSection 97548->97590 97550 cd527b 97591 cd532a 97550->97591 97551 cd5234 97551->97550 97552 cd5259 97551->97552 97557 cd52c7 EnterCriticalSection 97551->97557 97594 cd5000 97552->97594 97555 cd52a4 __wsopen_s 97555->97486 97557->97550 97558 cd52d4 LeaveCriticalSection 97557->97558 97558->97551 97560->97500 97561->97499 97562->97492 97563->97493 97564->97499 97565->97506 97566->97499 97567->97504 97568->97510 97569->97509 97570->97511 97571->97514 97572->97520 97573->97524 97574->97521 97578 ce03d7 97575->97578 97576 ce03f2 97576->97536 97578->97576 97588 ccf2d9 20 API calls __dosmaperr 97578->97588 97579 ce0416 97589 cd27ec 26 API calls __cftof 97579->97589 97581 ce0421 97581->97536 97582->97534 97583->97530 97584->97541 97585->97537 97586->97540 97587->97546 97588->97579 97589->97581 97590->97551 97602 cd2fa6 LeaveCriticalSection 97591->97602 97593 cd5331 97593->97555 97595 cd4c7d __FrameHandler3::FrameUnwindToState 20 API calls 97594->97595 97596 cd5012 97595->97596 97600 cd501f 97596->97600 97603 cd3405 11 API calls 2 library calls 97596->97603 97597 cd29c8 _free 20 API calls 97598 cd5071 97597->97598 97598->97550 97601 cd5147 EnterCriticalSection 97598->97601 97600->97597 97601->97550 97602->97593 97603->97596 97604 ca105b 97609 ca344d 97604->97609 
97606 ca106a 97640 cc00a3 29 API calls __onexit 97606->97640 97608 ca1074 97610 ca345d __wsopen_s 97609->97610 97611 caa961 22 API calls 97610->97611 97612 ca3513 97611->97612 97613 ca3a5a 24 API calls 97612->97613 97614 ca351c 97613->97614 97641 ca3357 97614->97641 97617 ca33c6 22 API calls 97618 ca3535 97617->97618 97619 ca515f 22 API calls 97618->97619 97620 ca3544 97619->97620 97621 caa961 22 API calls 97620->97621 97622 ca354d 97621->97622 97623 caa6c3 22 API calls 97622->97623 97624 ca3556 RegOpenKeyExW 97623->97624 97625 ce3176 RegQueryValueExW 97624->97625 97629 ca3578 97624->97629 97626 ce320c RegCloseKey 97625->97626 97627 ce3193 97625->97627 97626->97629 97639 ce321e _wcslen 97626->97639 97628 cbfe0b 22 API calls 97627->97628 97630 ce31ac 97628->97630 97629->97606 97631 ca5722 22 API calls 97630->97631 97632 ce31b7 RegQueryValueExW 97631->97632 97634 ce31d4 97632->97634 97636 ce31ee ISource 97632->97636 97633 ca4c6d 22 API calls 97633->97639 97635 ca6b57 22 API calls 97634->97635 97635->97636 97636->97626 97637 ca9cb3 22 API calls 97637->97639 97638 ca515f 22 API calls 97638->97639 97639->97629 97639->97633 97639->97637 97639->97638 97640->97608 97642 ce1f50 __wsopen_s 97641->97642 97643 ca3364 GetFullPathNameW 97642->97643 97644 ca3386 97643->97644 97645 ca6b57 22 API calls 97644->97645 97646 ca33a4 97645->97646 97646->97617 97647 ca1098 97652 ca42de 97647->97652 97651 ca10a7 97653 caa961 22 API calls 97652->97653 97654 ca42f5 GetVersionExW 97653->97654 97655 ca6b57 22 API calls 97654->97655 97656 ca4342 97655->97656 97657 ca93b2 22 API calls 97656->97657 97671 ca4378 97656->97671 97658 ca436c 97657->97658 97660 ca37a0 22 API calls 97658->97660 97659 ca441b GetCurrentProcess IsWow64Process 97661 ca4437 97659->97661 97660->97671 97662 ca444f LoadLibraryA 97661->97662 97663 ce3824 GetSystemInfo 97661->97663 97664 ca449c GetSystemInfo 97662->97664 97665 ca4460 GetProcAddress 97662->97665 97667 ca4476 97664->97667 97665->97664 97666 ca4470 
GetNativeSystemInfo 97665->97666 97666->97667 97669 ca447a FreeLibrary 97667->97669 97670 ca109d 97667->97670 97668 ce37df 97669->97670 97672 cc00a3 29 API calls __onexit 97670->97672 97671->97659 97671->97668 97672->97651 97673 caf7bf 97674 caf7d3 97673->97674 97675 cafcb6 97673->97675 97676 cafcc2 97674->97676 97678 cbfddb 22 API calls 97674->97678 97710 caaceb 23 API calls ISource 97675->97710 97711 caaceb 23 API calls ISource 97676->97711 97680 caf7e5 97678->97680 97680->97676 97681 caf83e 97680->97681 97682 cafd3d 97680->97682 97684 cb1310 185 API calls 97681->97684 97699 caed9d ISource 97681->97699 97712 d11155 22 API calls 97682->97712 97707 caec76 ISource 97684->97707 97685 cafef7 97685->97699 97714 caa8c7 22 API calls __fread_nolock 97685->97714 97688 cf4600 97688->97699 97713 caa8c7 22 API calls __fread_nolock 97688->97713 97689 cf4b0b 97716 d1359c 82 API calls __wsopen_s 97689->97716 97695 cc0242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 97695->97707 97696 caa8c7 22 API calls 97696->97707 97697 cafbe3 97697->97699 97700 cf4bdc 97697->97700 97706 caf3ae ISource 97697->97706 97698 caa961 22 API calls 97698->97707 97717 d1359c 82 API calls __wsopen_s 97700->97717 97702 cf4beb 97718 d1359c 82 API calls __wsopen_s 97702->97718 97703 cc01f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 97703->97707 97704 cbfddb 22 API calls 97704->97707 97705 cc00a3 29 API calls pre_c_initialization 97705->97707 97706->97699 97715 d1359c 82 API calls __wsopen_s 97706->97715 97707->97685 97707->97688 97707->97689 97707->97695 97707->97696 97707->97697 97707->97698 97707->97699 97707->97702 97707->97703 97707->97704 97707->97705 97707->97706 97708 cb01e0 185 API calls 2 library calls 97707->97708 97709 cb06a0 41 API calls ISource 97707->97709 97708->97707 97709->97707 97710->97676 97711->97682 97712->97699 97713->97699 97714->97699 97715->97699 97716->97699 97717->97702 

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • GetVersionExW.KERNEL32(?), ref: 00CA430D
                                                                                                                      • Part of subcall function 00CA6B57: _wcslen.LIBCMT ref: 00CA6B6A
                                                                                                                    • GetCurrentProcess.KERNEL32(?,00D3CB64,00000000,?,?), ref: 00CA4422
                                                                                                                    • IsWow64Process.KERNEL32(00000000,?,?), ref: 00CA4429
                                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00CA4454
                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00CA4466
                                                                                                                    • GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00CA4474
                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?), ref: 00CA447B
                                                                                                                    • GetSystemInfo.KERNEL32(?,?,?), ref: 00CA44A0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
                                                                                                                    • String ID: GetNativeSystemInfo$kernel32.dll$|O
                                                                                                                    • API String ID: 3290436268-3101561225
                                                                                                                    • Opcode ID: 567128170a557ce9e7456b261e16ec9ad56ea7ac1bd90cb97b237dc007736731
                                                                                                                    • Instruction ID: 7daf463096d3fe05b5a96b5a660e5c2827013d1bbd0124c06e19a44fdc6e7310
                                                                                                                    • Opcode Fuzzy Hash: 567128170a557ce9e7456b261e16ec9ad56ea7ac1bd90cb97b237dc007736731
                                                                                                                    • Instruction Fuzzy Hash: 64A1F37A91A3C0CFC715CB7E7C451A57FA47B67304B085A9AE08DD7BA2F2604688DB31

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,?,?,?,00CA50AA,?,?,00000000,00000000), ref: 00CA42B2
                                                                                                                    • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00CA50AA,?,?,00000000,00000000), ref: 00CA42C9
                                                                                                                    • LoadResource.KERNEL32(?,00000000,?,?,00CA50AA,?,?,00000000,00000000,?,?,?,?,?,?,00CA4F20), ref: 00CE35BE
                                                                                                                    • SizeofResource.KERNEL32(?,00000000,?,?,00CA50AA,?,?,00000000,00000000,?,?,?,?,?,?,00CA4F20), ref: 00CE35D3
                                                                                                                    • LockResource.KERNEL32(00CA50AA,?,?,00CA50AA,?,?,00000000,00000000,?,?,?,?,?,?,00CA4F20,?), ref: 00CE35E6
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                    • String ID: SCRIPT
                                                                                                                    • API String ID: 3051347437-3967369404
                                                                                                                    • Opcode ID: 3d9c1951c1989699f48eab2a8ee3bd5c8681c24d2c16f7afdf057dc5ed975762
                                                                                                                    • Instruction ID: 16cdc337e22fae8ca31e96f1b14659934c6ecc9cfb362e20642e4bc8e7e1a4a8
                                                                                                                    • Opcode Fuzzy Hash: 3d9c1951c1989699f48eab2a8ee3bd5c8681c24d2c16f7afdf057dc5ed975762
                                                                                                                    • Instruction Fuzzy Hash: 80118E75240701BFD7258B65DC48F277BB9EBC6B55F104269F412EA250DBB1DD008730

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00CA2B6B
                                                                                                                      • Part of subcall function 00CA3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00D71418,?,00CA2E7F,?,?,?,00000000), ref: 00CA3A78
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                    • GetForegroundWindow.USER32(runas,?,?,?,?,?,00D62224), ref: 00CE2C10
                                                                                                                    • ShellExecuteW.SHELL32(00000000,?,?,00D62224), ref: 00CE2C17
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                    • String ID: runas
                                                                                                                    • API String ID: 448630720-4000483414
                                                                                                                    • Opcode ID: 49e838549ee89ca8503f9b17c6ede3b460e99dd924959a8493221d51fdfc92ac
                                                                                                                    • Instruction ID: 14a410c24147b5da4991358393bb32eef250b34925ec1ba647e6ca82c9dd0c20
                                                                                                                    • Opcode Fuzzy Hash: 49e838549ee89ca8503f9b17c6ede3b460e99dd924959a8493221d51fdfc92ac
                                                                                                                    • Instruction Fuzzy Hash: 7F11B4312083835BC714FF68E8669BE77A49B9335CF44552DF057521A2DF208A4AA732

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32 ref: 00D0D501
                                                                                                                    • Process32FirstW.KERNEL32(00000000,?), ref: 00D0D50F
                                                                                                                    • Process32NextW.KERNEL32(00000000,?), ref: 00D0D52F
                                                                                                                    • FindCloseChangeNotification.KERNEL32(00000000), ref: 00D0D5DC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Process32$ChangeCloseCreateFindFirstNextNotificationSnapshotToolhelp32
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3243318325-0
                                                                                                                    • Opcode ID: e425955eba78c13c3cb1d3f7a40040d61003336ea2eb41bcb4c78ed735b779d0
                                                                                                                    • Instruction ID: 0cc403b23023b19200f5f6bc90626b6333adc13047e4deeb2e5b1b9fe9f383d6
                                                                                                                    • Opcode Fuzzy Hash: e425955eba78c13c3cb1d3f7a40040d61003336ea2eb41bcb4c78ed735b779d0
                                                                                                                    • Instruction Fuzzy Hash: B83191721083019FD300EF64CC85BAFBBE8EF9A358F14092DF585961E1EB719945DBA2

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • lstrlenW.KERNEL32(?,00CE5222), ref: 00D0DBCE
                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00D0DBDD
                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00D0DBEE
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00D0DBFA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2695905019-0
                                                                                                                    APIs
                                                                                                                    • GetCurrentProcess.KERNEL32(00CD28E9,?,00CC4CBE,00CD28E9,00D688B8,0000000C,00CC4E15,00CD28E9,00000002,00000000,?,00CD28E9), ref: 00CC4D09
                                                                                                                    • TerminateProcess.KERNEL32(00000000,?,00CC4CBE,00CD28E9,00D688B8,0000000C,00CC4E15,00CD28E9,00000002,00000000,?,00CD28E9), ref: 00CC4D10
                                                                                                                    • ExitProcess.KERNEL32 ref: 00CC4D22
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CurrentExitTerminate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1703294689-0
                                                                                                                    APIs
                                                                                                                    • GetInputState.USER32 ref: 00CAD807
                                                                                                                    • timeGetTime.WINMM ref: 00CADA07
                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00CADB28
                                                                                                                    • TranslateMessage.USER32(?), ref: 00CADB7B
                                                                                                                    • DispatchMessageW.USER32(?), ref: 00CADB89
                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00CADB9F
                                                                                                                    • Sleep.KERNEL32(0000000A), ref: 00CADBB1
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2189390790-0

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00CA2D07
                                                                                                                    • RegisterClassExW.USER32(00000030), ref: 00CA2D31
                                                                                                                    • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00CA2D42
                                                                                                                    • InitCommonControlsEx.COMCTL32(?), ref: 00CA2D5F
                                                                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00CA2D6F
                                                                                                                    • LoadIconW.USER32(000000A9), ref: 00CA2D85
                                                                                                                    • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00CA2D94
                                                                                                                    Similarity
                                                                                                                    • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                    • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                    • API String ID: 2914291525-1005189915

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CE039A: CreateFileW.KERNEL32(00000000,00000000,?,00CE0704,?,?,00000000,?,00CE0704,00000000,0000000C), ref: 00CE03B7
                                                                                                                    • GetLastError.KERNEL32 ref: 00CE076F
                                                                                                                    • __dosmaperr.LIBCMT ref: 00CE0776
                                                                                                                    • GetFileType.KERNEL32(00000000), ref: 00CE0782
                                                                                                                    • GetLastError.KERNEL32 ref: 00CE078C
                                                                                                                    • __dosmaperr.LIBCMT ref: 00CE0795
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00CE07B5
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00CE08FF
                                                                                                                    • GetLastError.KERNEL32 ref: 00CE0931
                                                                                                                    • __dosmaperr.LIBCMT ref: 00CE0938
                                                                                                                    • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                                                    • String ID: H
                                                                                                                    • API String ID: 4237864984-2852464175

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA3A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00D71418,?,00CA2E7F,?,?,?,00000000), ref: 00CA3A78
                                                                                                                      • Part of subcall function 00CA3357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00CA3379
                                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 00CA356A
                                                                                                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 00CE318D
                                                                                                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 00CE31CE
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00CE3210
                                                                                                                    • _wcslen.LIBCMT ref: 00CE3277
                                                                                                                    • _wcslen.LIBCMT ref: 00CE3286
                                                                                                                    • API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
                                                                                                                    • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                    • API String ID: 98802146-2727554177

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00CA2B8E
                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 00CA2B9D
                                                                                                                    • LoadIconW.USER32(00000063), ref: 00CA2BB3
                                                                                                                    • LoadIconW.USER32(000000A4), ref: 00CA2BC5
                                                                                                                    • LoadIconW.USER32(000000A2), ref: 00CA2BD7
                                                                                                                    • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00CA2BEF
                                                                                                                    • RegisterClassExW.USER32(?), ref: 00CA2C40
                                                                                                                      • Part of subcall function 00CA2CD4: GetSysColorBrush.USER32(0000000F), ref: 00CA2D07
                                                                                                                      • Part of subcall function 00CA2CD4: RegisterClassExW.USER32(00000030), ref: 00CA2D31
                                                                                                                      • Part of subcall function 00CA2CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00CA2D42
                                                                                                                      • Part of subcall function 00CA2CD4: InitCommonControlsEx.COMCTL32(?), ref: 00CA2D5F
                                                                                                                      • Part of subcall function 00CA2CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00CA2D6F
                                                                                                                      • Part of subcall function 00CA2CD4: LoadIconW.USER32(000000A9), ref: 00CA2D85
                                                                                                                      • Part of subcall function 00CA2CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00CA2D94
                                                                                                                    • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                    • String ID: #$0$AutoIt v3
                                                                                                                    • API String ID: 423443420-4155596026

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,00CA316A,?,?), ref: 00CA31D8
                                                                                                                    • KillTimer.USER32(?,00000001,?,?,?,?,?,00CA316A,?,?), ref: 00CA3204
                                                                                                                    • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00CA3227
                                                                                                                    • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,00CA316A,?,?), ref: 00CA3232
                                                                                                                    • CreatePopupMenu.USER32 ref: 00CA3246
                                                                                                                    • PostQuitMessage.USER32(00000000), ref: 00CA3267
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                    • String ID: TaskbarCreated
                                                                                                                    • API String ID: 129472671-2362178303

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00CA1459
                                                                                                                    • OleUninitialize.OLE32(?,00000000), ref: 00CA14F8
                                                                                                                    • UnregisterHotKey.USER32(?), ref: 00CA16DD
                                                                                                                    • DestroyWindow.USER32(?), ref: 00CE24B9
                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00CE251E
                                                                                                                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00CE254B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                    • String ID: close all
                                                                                                                    • API String ID: 469580280-3243417748

                                                                                                                    Control-flow Graph

                                                                                                                    control_flow_graph 648 ca2c63-ca2cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                    APIs
                                                                                                                    • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00CA2C91
                                                                                                                    • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00CA2CB2
                                                                                                                    • ShowWindow.USER32(00000000,?,?,?,?,?,?,00CA1CAD,?), ref: 00CA2CC6
                                                                                                                    • ShowWindow.USER32(00000000,?,?,?,?,?,?,00CA1CAD,?), ref: 00CA2CCF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$CreateShow
                                                                                                                    • String ID: AutoIt v3$edit
                                                                                                                    • API String ID: 1584632944-3779509399

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • ShellExecuteExW.SHELL32(0000003C), ref: 00D2AEA3
                                                                                                                      • Part of subcall function 00CA7620: _wcslen.LIBCMT ref: 00CA7625
                                                                                                                    • GetProcessId.KERNEL32(00000000), ref: 00D2AF38
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00D2AF67
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseExecuteHandleProcessShell_wcslen
                                                                                                                    • String ID: <$@
                                                                                                                    • API String ID: 146682121-1426351568

                                                                                                                    Control-flow Graph

                                                                                                                    APIs
                                                                                                                    • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00CA3B0F,SwapMouseButtons,00000004,?), ref: 00CA3B40
                                                                                                                    • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00CA3B0F,SwapMouseButtons,00000004,?), ref: 00CA3B61
                                                                                                                    • RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00CA3B0F,SwapMouseButtons,00000004,?), ref: 00CA3B83
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseOpenQueryValue
                                                                                                                    • String ID: Control Panel\Mouse
                                                                                                                    • API String ID: 3677997916-824357125
                                                                                                                    APIs
                                                                                                                    • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 00CE33A2
                                                                                                                      • Part of subcall function 00CA6B57: _wcslen.LIBCMT ref: 00CA6B6A
                                                                                                                    • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00CA3A04
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                    • String ID: Line:
                                                                                                                    • API String ID: 2289894680-1585850449
                                                                                                                    • Opcode ID: 256aea2ffe7e512705de79d69950e580eda5b7df7f5290fe5f46f2971e04804a
                                                                                                                    • Instruction ID: 6b343658e39a09eb598346af34bacafc2d8f326851dd289bc0fe10e913fb22eb
                                                                                                                    • Opcode Fuzzy Hash: 256aea2ffe7e512705de79d69950e580eda5b7df7f5290fe5f46f2971e04804a
                                                                                                                    • Instruction Fuzzy Hash: 5931F671408341AFC721EB64DC56FEBB7E8AB41318F00461EF499931A1EB709B49D7D2
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA1BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00CA1BF4
                                                                                                                      • Part of subcall function 00CA1BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00CA1BFC
                                                                                                                      • Part of subcall function 00CA1BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00CA1C07
                                                                                                                      • Part of subcall function 00CA1BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00CA1C12
                                                                                                                      • Part of subcall function 00CA1BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00CA1C1A
                                                                                                                      • Part of subcall function 00CA1BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00CA1C22
                                                                                                                      • Part of subcall function 00CA1B4A: RegisterWindowMessageW.USER32(00000004,?,00CA12C4), ref: 00CA1BA2
                                                                                                                    • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 00CA136A
                                                                                                                    • OleInitialize.OLE32 ref: 00CA1388
                                                                                                                    • CloseHandle.KERNEL32(00000000,00000000), ref: 00CE24AB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1986988660-0
                                                                                                                    • Opcode ID: 19fef8929afa70b41d08ba3abbc5d91b24e356e7251c943d8db5092ce024f856
                                                                                                                    • Instruction ID: 54032aad866597610aa886c5944869049180585a9c3074a6d1aabb101b0a6b9b
                                                                                                                    • Opcode Fuzzy Hash: 19fef8929afa70b41d08ba3abbc5d91b24e356e7251c943d8db5092ce024f856
                                                                                                                    • Instruction Fuzzy Hash: C07199BC9213019EC388EF7DA8466993AF5FB89348B58832A940ED7361FB304484DF71
                                                                                                                    APIs
                                                                                                                    • FindCloseChangeNotification.KERNEL32(00000000,00000000,?,?,00CD85CC,?,00D68CC8,0000000C), ref: 00CD8704
                                                                                                                    • GetLastError.KERNEL32(?,00CD85CC,?,00D68CC8,0000000C), ref: 00CD870E
                                                                                                                    • __dosmaperr.LIBCMT ref: 00CD8739
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ChangeCloseErrorFindLastNotification__dosmaperr
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 490808831-0
                                                                                                                    • Opcode ID: b66575f25cf9d80adb10f1e21809c4085fa74e9dba93cd07b2b691f3933cf16b
                                                                                                                    • Instruction ID: 09dc2cca28b36c94b2bff036bf9c6288d960e780a01e005f3f3872c3d69718f1
                                                                                                                    • Opcode Fuzzy Hash: b66575f25cf9d80adb10f1e21809c4085fa74e9dba93cd07b2b691f3933cf16b
                                                                                                                    • Instruction Fuzzy Hash: 3001613360576026D6246734A845B7E6B498F81774F39011FFB28DB3E2DEB0CDC69260
                                                                                                                    APIs
                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00CB17F6
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Init_thread_footer
                                                                                                                    • String ID: CALL
                                                                                                                    • API String ID: 1385522511-4196123274
                                                                                                                    • Opcode ID: e5cf748152f24982dda01388330fb1f3573e7c248cb4ef827357da4c539308fa
                                                                                                                    • Instruction ID: 614b49d53bf130771da19a123a7ff1aad2400a89132f6e4faedae1c73197fd93
                                                                                                                    • Opcode Fuzzy Hash: e5cf748152f24982dda01388330fb1f3573e7c248cb4ef827357da4c539308fa
                                                                                                                    • Instruction Fuzzy Hash: 6622AB706083419FC714CF25C8A0AAABBF1FF85314F68891DF9968B3A1D731E945DB92
                                                                                                                    APIs
                                                                                                                    • GetOpenFileNameW.COMDLG32(?), ref: 00CE2C8C
                                                                                                                      • Part of subcall function 00CA3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00CA3A97,?,?,00CA2E7F,?,?,?,00000000), ref: 00CA3AC2
                                                                                                                      • Part of subcall function 00CA2DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00CA2DC4
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Name$Path$FileFullLongOpen
                                                                                                                    • String ID: X
                                                                                                                    • API String ID: 779396738-3081909835
                                                                                                                    • Opcode ID: 0f9d3798246b517a842a8df4b55cf9828519ec9f9e7e7ea231f2f22d031ba133
                                                                                                                    • Instruction ID: 94154f4a640e1a4af54b232b5783fc2c9544b9fe45d30c3f3234b6446dba0140
                                                                                                                    • Opcode Fuzzy Hash: 0f9d3798246b517a842a8df4b55cf9828519ec9f9e7e7ea231f2f22d031ba133
                                                                                                                    • Instruction Fuzzy Hash: CB219371A002989BDB05DF99C845BEE7BFCAF49308F004059E505F7341DBB49A899BA1
                                                                                                                    APIs
                                                                                                                    • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00CA3908
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: IconNotifyShell_
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1144537725-0
                                                                                                                    • Opcode ID: 2bedd2593384fb7d197e07a807c869b3ee78789daca2241a310edf1c12046245
                                                                                                                    • Instruction ID: 340dacf86898e224f3e3c9b0d030e95968ca23ab199fc56772e5d2a25eed2789
                                                                                                                    • Opcode Fuzzy Hash: 2bedd2593384fb7d197e07a807c869b3ee78789daca2241a310edf1c12046245
                                                                                                                    • Instruction Fuzzy Hash: 383180705043419FD720DF64D895797BBE8FB49708F00092EF599D7390E775AA44CB62
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA4E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00CA4EDD,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4E9C
                                                                                                                      • Part of subcall function 00CA4E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00CA4EAE
                                                                                                                      • Part of subcall function 00CA4E90: FreeLibrary.KERNEL32(00000000,?,?,00CA4EDD,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4EC0
                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4EFD
                                                                                                                      • Part of subcall function 00CA4E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00CE3CDE,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4E62
                                                                                                                      • Part of subcall function 00CA4E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00CA4E74
                                                                                                                      • Part of subcall function 00CA4E59: FreeLibrary.KERNEL32(00000000,?,?,00CE3CDE,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4E87
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Library$Load$AddressFreeProc
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2632591731-0
                                                                                                                    • Opcode ID: 3dea37b7f619cdbdaebbbe7818db61ef5d83e789f45772d3dba45fc3a1a56b95
                                                                                                                    • Instruction ID: 9912364e94fa306e3394ebb9f403862c877fcd44b19db9d21a481c6ffdf86861
                                                                                                                    • Opcode Fuzzy Hash: 3dea37b7f619cdbdaebbbe7818db61ef5d83e789f45772d3dba45fc3a1a56b95
                                                                                                                    • Instruction Fuzzy Hash: F811E732610206AECB18ABA5DC06FADB7A59F81714F20842DF552B71C1DEB1AE45A760
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: __wsopen_s
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3347428461-0
                                                                                                                    • Opcode ID: 517608472ca71d8fd715736d144a4877f4f8d7f6c3065a3a28b6688149758821
                                                                                                                    • Instruction ID: f849ac841ef32f91c291cdda71be5466d358a1e651e9b4b61425ea5d1722ad05
                                                                                                                    • Opcode Fuzzy Hash: 517608472ca71d8fd715736d144a4877f4f8d7f6c3065a3a28b6688149758821
                                                                                                                    • Instruction Fuzzy Hash: 8511187590420AAFCB05DF58E941A9F7BF5FF48314F10405AF918AB312DB31EA15CBA5
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CD4C7D: RtlAllocateHeap.NTDLL(00000008,00CA1129,00000000,?,00CD2E29,00000001,00000364,?,?,?,00CCF2DE,00CD3863,00D71444,?,00CBFDF5,?), ref: 00CD4CBE
                                                                                                                    • _free.LIBCMT ref: 00CD506C
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap_free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 614378929-0
                                                                                                                    • Opcode ID: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                    • Instruction ID: 8027b9d558863091732c92e195847d1970dedc5b1329384418793bec94e9ee61
                                                                                                                    • Opcode Fuzzy Hash: 9ba45ce058d1080761d5af908226540236078fd1fc19e2e0238d0ad147f07c6e
                                                                                                                    • Instruction Fuzzy Hash: AC0126722047046BE3218E659881A5AFBECFB89370F25051EE294833C0EA30A905C6B4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                    • Instruction ID: 93ab542fed98b12c4feb0f467adf10fce37e101716b445e7020471521c490bcf
                                                                                                                    • Opcode Fuzzy Hash: d6c69ec2a70ac845cc05b5f137181c3f07394ab8b33ef369e8c7ef627d5c9574
                                                                                                                    • Instruction Fuzzy Hash: 2EF0F432521A18D7C6313A7ACC05F9A339C9F63330F10072EF621922D2DB74E906A6A5
                                                                                                                    APIs
                                                                                                                    • RtlAllocateHeap.NTDLL(00000008,00CA1129,00000000,?,00CD2E29,00000001,00000364,?,?,?,00CCF2DE,00CD3863,00D71444,?,00CBFDF5,?), ref: 00CD4CBE
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1279760036-0
                                                                                                                    • Opcode ID: 6fb95648a456e4b801c73f792273babacaff3b658f407f29a64b62eda623f0be
                                                                                                                    • Instruction ID: 9ff0f6fa4f846b7597f77e728e944781f53545768b99ccd6d2f1a1bc6d619227
                                                                                                                    • Opcode Fuzzy Hash: 6fb95648a456e4b801c73f792273babacaff3b658f407f29a64b62eda623f0be
                                                                                                                    • Instruction Fuzzy Hash: 7DF0E93172222467DB295F66DC05F5A3789BFD17A1B15811BFB29EA380CB70D90196E0
                                                                                                                    APIs
                                                                                                                    • RtlAllocateHeap.NTDLL(00000000,?,00D71444,?,00CBFDF5,?,?,00CAA976,00000010,00D71440,00CA13FC,?,00CA13C6,?,00CA1129), ref: 00CD3852
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1279760036-0
                                                                                                                    • Opcode ID: 9bbffe3c9b4482090ee36f780f49a80b90c1cf6d0250ad88ed9aaf8c380e65da
                                                                                                                    • Instruction ID: 3c18f9799b70245a11804a227fcb8014105e5330f95af80cd13a3ed9c8137507
                                                                                                                    • Opcode Fuzzy Hash: 9bbffe3c9b4482090ee36f780f49a80b90c1cf6d0250ad88ed9aaf8c380e65da
                                                                                                                    • Instruction Fuzzy Hash: 71E0E5312003A456D7212667DC00F9A374AAB427B0F09012BFE24D67C0DB50DF01B2F2
                                                                                                                    APIs
                                                                                                                    • FreeLibrary.KERNEL32(?,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4F6D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeLibrary
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3664257935-0
                                                                                                                    • Opcode ID: 0c979c33aa4d999ce06b9255a17ef8aa2f4a89236afa4c8b8bcd4096d876ef5d
                                                                                                                    • Instruction ID: 360abd2ee178dcfba583855524182e7571c18ba082a4cb405ec391100ff12bb8
                                                                                                                    • Opcode Fuzzy Hash: 0c979c33aa4d999ce06b9255a17ef8aa2f4a89236afa4c8b8bcd4096d876ef5d
                                                                                                                    • Instruction Fuzzy Hash: 5BF03971105752CFDB389FA5D890822BBE4AF5632D320997EE1EA82621C7B19844EF51
                                                                                                                    APIs
                                                                                                                    • Shell_NotifyIconW.SHELL32(00000002,?), ref: 00CA314E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: IconNotifyShell_
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1144537725-0
                                                                                                                    • Opcode ID: 4b4618f12f218992f936deef515b8d176c4ce5bedc188dbf6941df7735fb14d3
                                                                                                                    • Instruction ID: 76a3f06e9714d7296cd1b729bbfa99a971333e9fa4c99bae95d8def06e34772b
                                                                                                                    • Opcode Fuzzy Hash: 4b4618f12f218992f936deef515b8d176c4ce5bedc188dbf6941df7735fb14d3
                                                                                                                    • Instruction Fuzzy Hash: 0CF0A7709103549FE7529B24DC4A7D97BBCA70170CF0001E9A24CD6292EB7457C8CF61
                                                                                                                    APIs
                                                                                                                    • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00CA2DC4
                                                                                                                      • Part of subcall function 00CA6B57: _wcslen.LIBCMT ref: 00CA6B6A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LongNamePath_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 541455249-0
                                                                                                                    • Opcode ID: 3c8fdf593d830b4a48727aa77bc32dadc1bab160bf9812b944d391fde7befad5
                                                                                                                    • Instruction ID: c75159b90437ab19d606c36d68b0c49bdc82ba737e5877443bfdfb1ed12bcc8a
                                                                                                                    • Opcode Fuzzy Hash: 3c8fdf593d830b4a48727aa77bc32dadc1bab160bf9812b944d391fde7befad5
                                                                                                                    • Instruction Fuzzy Hash: 72E0C276A002245BCB21E7989C06FEA77EDDFC8790F0800B1FD09E7248DA70AD8096A0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA3837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00CA3908
                                                                                                                      • Part of subcall function 00CAD731: GetInputState.USER32 ref: 00CAD807
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00CA2B6B
                                                                                                                      • Part of subcall function 00CA30F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 00CA314E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: IconNotifyShell_$CurrentDirectoryInputState
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3667716007-0
                                                                                                                    • Opcode ID: a331ed096982a3d8ceef104429a396d2787023552c7bf0c5275b9c2093b0f12c
                                                                                                                    • Instruction ID: 0d1c2a78e5813a545ea6f2909ea8c270e99392706b9bafdb51f6b872948d8e02
                                                                                                                    • Opcode Fuzzy Hash: a331ed096982a3d8ceef104429a396d2787023552c7bf0c5275b9c2093b0f12c
                                                                                                                    • Instruction Fuzzy Hash: 53E0262230028607C608BB38A8264BDA349CBD335DF40153EF047832A2DE2446455321
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNEL32(00000000,00000000,?,00CE0704,?,?,00000000,?,00CE0704,00000000,0000000C), ref: 00CE03B7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFile
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 823142352-0
                                                                                                                    • Opcode ID: ac93ffc9345b96b0bd5d01fe81fefae57dd35afa5012a91119cc6f8af98ad5ad
                                                                                                                    • Instruction ID: c6e7d4edb44bd459e0938956ed05e221a4429cd43705fe1294d43f5370eec8d3
                                                                                                                    • Opcode Fuzzy Hash: ac93ffc9345b96b0bd5d01fe81fefae57dd35afa5012a91119cc6f8af98ad5ad
                                                                                                                    • Instruction Fuzzy Hash: B2D06C3205020DBBDF028F84DD06EDA3BAAFB48714F014000BE18A6120C732E821AB90
                                                                                                                    APIs
                                                                                                                    • SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00CA1CBC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InfoParametersSystem
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3098949447-0
                                                                                                                    • Opcode ID: a5dca6a1dd0f4cc68294065b10d30d443789fb6c7b67a1893e0d6898eda5ef97
                                                                                                                    • Instruction ID: cf7a8a48fe4a40550f5c48fb5f297a564ea801b99605ea061d6ad5a1f9361af9
                                                                                                                    • Opcode Fuzzy Hash: a5dca6a1dd0f4cc68294065b10d30d443789fb6c7b67a1893e0d6898eda5ef97
                                                                                                                    • Instruction Fuzzy Hash: 21C0923B290304EFF2148B94BC4BF207764A348B00F048001F64DE9BE3E3A228A0EB70
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2
                                                                                                                    • DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 00D3961A
                                                                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00D3965B
                                                                                                                    • GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 00D3969F
                                                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00D396C9
                                                                                                                    • SendMessageW.USER32 ref: 00D396F2
                                                                                                                    • GetKeyState.USER32(00000011), ref: 00D3978B
                                                                                                                    • GetKeyState.USER32(00000009), ref: 00D39798
                                                                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 00D397AE
                                                                                                                    • GetKeyState.USER32(00000010), ref: 00D397B8
                                                                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00D397E9
                                                                                                                    • SendMessageW.USER32 ref: 00D39810
                                                                                                                    • SendMessageW.USER32(?,00001030,?,00D37E95), ref: 00D39918
                                                                                                                    • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 00D3992E
                                                                                                                    • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00D39941
                                                                                                                    • SetCapture.USER32(?), ref: 00D3994A
                                                                                                                    • ClientToScreen.USER32(?,?), ref: 00D399AF
                                                                                                                    • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 00D399BC
                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00D399D6
                                                                                                                    • ReleaseCapture.USER32 ref: 00D399E1
                                                                                                                    • GetCursorPos.USER32(?), ref: 00D39A19
                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00D39A26
                                                                                                                    • SendMessageW.USER32(?,00001012,00000000,?), ref: 00D39A80
                                                                                                                    • SendMessageW.USER32 ref: 00D39AAE
                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 00D39AEB
                                                                                                                    • SendMessageW.USER32 ref: 00D39B1A
                                                                                                                    • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00D39B3B
                                                                                                                    • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00D39B4A
                                                                                                                    • GetCursorPos.USER32(?), ref: 00D39B68
                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00D39B75
                                                                                                                    • GetParent.USER32(?), ref: 00D39B93
                                                                                                                    • SendMessageW.USER32(?,00001012,00000000,?), ref: 00D39BFA
                                                                                                                    • SendMessageW.USER32 ref: 00D39C2B
                                                                                                                    • ClientToScreen.USER32(?,?), ref: 00D39C84
                                                                                                                    • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00D39CB4
                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 00D39CDE
                                                                                                                    • SendMessageW.USER32 ref: 00D39D01
                                                                                                                    • ClientToScreen.USER32(?,?), ref: 00D39D4E
                                                                                                                    • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00D39D82
                                                                                                                      • Part of subcall function 00CB9944: GetWindowLongW.USER32(?,000000EB), ref: 00CB9952
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00D39E05
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                    • String ID: @GUI_DRAGID$F
                                                                                                                    • API String ID: 3429851547-4164748364
                                                                                                                    • Opcode ID: e98efbbe14a24927e94ccf307ab21b6ec6b2c92d1f7e65307e9df76ed767b4d8
                                                                                                                    • Instruction ID: 2920cacada72f44b01cfd09caa680de86f2511781aaa0d014ef65aedf3a7eec7
                                                                                                                    • Opcode Fuzzy Hash: e98efbbe14a24927e94ccf307ab21b6ec6b2c92d1f7e65307e9df76ed767b4d8
                                                                                                                    • Instruction Fuzzy Hash: DF42AA35205301AFDB24CF28CCA5AAABBE5FF49310F180619F699D72A1D7B1E851CF61
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 00D348F3
                                                                                                                    • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00D34908
                                                                                                                    • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00D34927
                                                                                                                    • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 00D3494B
                                                                                                                    • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 00D3495C
                                                                                                                    • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 00D3497B
                                                                                                                    • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 00D349AE
                                                                                                                    • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 00D349D4
                                                                                                                    • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00D34A0F
                                                                                                                    • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00D34A56
                                                                                                                    • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00D34A7E
                                                                                                                    • IsMenu.USER32(?), ref: 00D34A97
                                                                                                                    • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00D34AF2
                                                                                                                    • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00D34B20
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00D34B94
                                                                                                                    • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00D34BE3
                                                                                                                    • SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00D34C82
                                                                                                                    • wsprintfW.USER32 ref: 00D34CAE
                                                                                                                    • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00D34CC9
                                                                                                                    • GetWindowTextW.USER32(?,00000000,00000001), ref: 00D34CF1
                                                                                                                    • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00D34D13
                                                                                                                    • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00D34D33
                                                                                                                    • GetWindowTextW.USER32(?,00000000,00000001), ref: 00D34D5A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
                                                                                                                    • String ID: %d/%02d/%02d
                                                                                                                    • API String ID: 4054740463-328681919
                                                                                                                    • Opcode ID: 3e8f88855a8016aba45b3016270bbe9b079a96eb15dad352b6b7dd17d9b21298
                                                                                                                    • Instruction ID: b40f60e5fa4656143811ff181a6b1095ccd0ec246c02ee1fb6b29550ef4c3ad9
                                                                                                                    • Opcode Fuzzy Hash: 3e8f88855a8016aba45b3016270bbe9b079a96eb15dad352b6b7dd17d9b21298
                                                                                                                    • Instruction Fuzzy Hash: CE12D071600354ABEB248F28DC49FAE7BF8EF45710F184129F515EA2E1DB78E941CB60
                                                                                                                    APIs
                                                                                                                    • GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 00CBF998
                                                                                                                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00CFF474
                                                                                                                    • IsIconic.USER32(00000000), ref: 00CFF47D
                                                                                                                    • ShowWindow.USER32(00000000,00000009), ref: 00CFF48A
                                                                                                                    • SetForegroundWindow.USER32(00000000), ref: 00CFF494
                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00CFF4AA
                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00CFF4B1
                                                                                                                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00CFF4BD
                                                                                                                    • AttachThreadInput.USER32(?,00000000,00000001), ref: 00CFF4CE
                                                                                                                    • AttachThreadInput.USER32(?,00000000,00000001), ref: 00CFF4D6
                                                                                                                    • AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 00CFF4DE
                                                                                                                    • SetForegroundWindow.USER32(00000000), ref: 00CFF4E1
                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 00CFF4F6
                                                                                                                    • keybd_event.USER32(00000012,00000000), ref: 00CFF501
                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 00CFF50B
                                                                                                                    • keybd_event.USER32(00000012,00000000), ref: 00CFF510
                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 00CFF519
                                                                                                                    • keybd_event.USER32(00000012,00000000), ref: 00CFF51E
                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 00CFF528
                                                                                                                    • keybd_event.USER32(00000012,00000000), ref: 00CFF52D
                                                                                                                    • SetForegroundWindow.USER32(00000000), ref: 00CFF530
                                                                                                                    • AttachThreadInput.USER32(?,000000FF,00000000), ref: 00CFF557
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                    • String ID: Shell_TrayWnd
                                                                                                                    • API String ID: 4125248594-2988720461
                                                                                                                    • Opcode ID: 212bcfb8870ce12baa89b785c525e378db48320f53a9ae95dd3977714b0503eb
                                                                                                                    • Instruction ID: 081399163b3d8fd074d740167a5402e8651bb6a45bbb19d4a3c5648b4e93adcf
                                                                                                                    • Opcode Fuzzy Hash: 212bcfb8870ce12baa89b785c525e378db48320f53a9ae95dd3977714b0503eb
                                                                                                                    • Instruction Fuzzy Hash: B4313E71A50318BBEB206BB55C4AFBF7E6CEB44B50F141069FA01F62D1C6B19901ABB1
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00D016C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00D0170D
                                                                                                                      • Part of subcall function 00D016C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00D0173A
                                                                                                                      • Part of subcall function 00D016C3: GetLastError.KERNEL32 ref: 00D0174A
                                                                                                                    • LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 00D01286
                                                                                                                    • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 00D012A8
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D012B9
                                                                                                                    • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 00D012D1
                                                                                                                    • GetProcessWindowStation.USER32 ref: 00D012EA
                                                                                                                    • SetProcessWindowStation.USER32(00000000), ref: 00D012F4
                                                                                                                    • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 00D01310
                                                                                                                      • Part of subcall function 00D010BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00D011FC), ref: 00D010D4
                                                                                                                      • Part of subcall function 00D010BF: CloseHandle.KERNEL32(?,?,00D011FC), ref: 00D010E9
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                    • String ID: $default$winsta0
                                                                                                                    • API String ID: 22674027-1027155976
                                                                                                                    • Opcode ID: 5aa000f6a7cf276806854a87fcc5f5213772ae172c09a47643ab2380075300fc
                                                                                                                    • Instruction ID: 08b3faed44d2c28a640f62ace9d6701c6e1a4f0c5cf7e74f569852876c20989f
                                                                                                                    • Opcode Fuzzy Hash: 5aa000f6a7cf276806854a87fcc5f5213772ae172c09a47643ab2380075300fc
                                                                                                                    • Instruction Fuzzy Hash: 2C816575900249ABDF219FA4DC49BEE7BB9EF04704F184129F918F62A0C771DA58CB30
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00D010F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00D01114
                                                                                                                      • Part of subcall function 00D010F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D01120
                                                                                                                      • Part of subcall function 00D010F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D0112F
                                                                                                                      • Part of subcall function 00D010F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D01136
                                                                                                                      • Part of subcall function 00D010F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00D0114D
                                                                                                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00D00BCC
                                                                                                                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00D00C00
                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00D00C17
                                                                                                                    • GetAce.ADVAPI32(?,00000000,?), ref: 00D00C51
                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00D00C6D
                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00D00C84
                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00D00C8C
                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00D00C93
                                                                                                                    • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00D00CB4
                                                                                                                    • CopySid.ADVAPI32(00000000), ref: 00D00CBB
                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00D00CEA
                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00D00D0C
                                                                                                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00D00D1E
                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D00D45
                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00D00D4C
                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D00D55
                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00D00D5C
                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D00D65
                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00D00D6C
                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 00D00D78
                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00D00D7F
                                                                                                                      • Part of subcall function 00D01193: GetProcessHeap.KERNEL32(00000008,00D00BB1,?,00000000,?,00D00BB1,?), ref: 00D011A1
                                                                                                                      • Part of subcall function 00D01193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00D00BB1,?), ref: 00D011A8
                                                                                                                      • Part of subcall function 00D01193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00D00BB1,?), ref: 00D011B7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4175595110-0
                                                                                                                    • Opcode ID: 357ae1b1a9afac5bb23ae605c8341ae082ba9caba71e0868cc7b38781d000da4
                                                                                                                    • Instruction ID: a04c49032243b9394daad2c2cc587767cc46d739c82ddfb01e1eaa454080618d
                                                                                                                    • Opcode Fuzzy Hash: 357ae1b1a9afac5bb23ae605c8341ae082ba9caba71e0868cc7b38781d000da4
                                                                                                                    • Instruction Fuzzy Hash: 1D711676A0020ABBDF10DFA4DC45BEEBBBDAF04310F184525E919E6291D775AA05CBB0
                                                                                                                    APIs
                                                                                                                    • OpenClipboard.USER32(00D3CC08), ref: 00D1EB29
                                                                                                                    • IsClipboardFormatAvailable.USER32(0000000D), ref: 00D1EB37
                                                                                                                    • GetClipboardData.USER32(0000000D), ref: 00D1EB43
                                                                                                                    • CloseClipboard.USER32 ref: 00D1EB4F
                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00D1EB87
                                                                                                                    • CloseClipboard.USER32 ref: 00D1EB91
                                                                                                                    • GlobalUnlock.KERNEL32(00000000,00000000), ref: 00D1EBBC
                                                                                                                    • IsClipboardFormatAvailable.USER32(00000001), ref: 00D1EBC9
                                                                                                                    • GetClipboardData.USER32(00000001), ref: 00D1EBD1
                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00D1EBE2
                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?), ref: 00D1EC22
                                                                                                                    • IsClipboardFormatAvailable.USER32(0000000F), ref: 00D1EC38
                                                                                                                    • GetClipboardData.USER32(0000000F), ref: 00D1EC44
                                                                                                                    • GlobalLock.KERNEL32(00000000), ref: 00D1EC55
                                                                                                                    • DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 00D1EC77
                                                                                                                    • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00D1EC94
                                                                                                                    • DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 00D1ECD2
                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?), ref: 00D1ECF3
                                                                                                                    • CountClipboardFormats.USER32 ref: 00D1ED14
                                                                                                                    • CloseClipboard.USER32 ref: 00D1ED59
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 420908878-0
                                                                                                                    • Opcode ID: 000b56a6d723c015785c530dd1d4cf6f6320c049da273b3866189cb262bdcce0
                                                                                                                    • Instruction ID: 96c52d07a82a68100b43a27375df346871c3805709661b0aa883ffd8debb84ee
                                                                                                                    • Opcode Fuzzy Hash: 000b56a6d723c015785c530dd1d4cf6f6320c049da273b3866189cb262bdcce0
                                                                                                                    • Instruction Fuzzy Hash: 9261C135204302AFD300EF24E889FAA77A4EF85714F085519F856D72A2DF71D985DBB2
                                                                                                                    APIs
                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00D169BE
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00D16A12
                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00D16A4E
                                                                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00D16A75
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00D16AB2
                                                                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00D16ADF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
                                                                                                                    • String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
                                                                                                                    • API String ID: 3830820486-3289030164
                                                                                                                    • Opcode ID: 5da9047a6273b8394bebbc88f5ac36ea204dfea72b0f15ed6bcf9055a691d05c
                                                                                                                    • Instruction ID: 55204b5afb840e6d5df06157a92e626db567aba1698a7ba8f6861e0bc1eed585
                                                                                                                    • Opcode Fuzzy Hash: 5da9047a6273b8394bebbc88f5ac36ea204dfea72b0f15ed6bcf9055a691d05c
                                                                                                                    • Instruction Fuzzy Hash: C6D14F72508301AFC710EBA4DC86EABB7ECEF89708F04491DF585D6291EB74DA44DB62
                                                                                                                    APIs
                                                                                                                    • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00D19663
                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00D196A1
                                                                                                                    • SetFileAttributesW.KERNEL32(?,?), ref: 00D196BB
                                                                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 00D196D3
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00D196DE
                                                                                                                    • FindFirstFileW.KERNEL32(*.*,?), ref: 00D196FA
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00D1974A
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(00D66B7C), ref: 00D19768
                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00D19772
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00D1977F
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00D1978F
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                    • String ID: *.*
                                                                                                                    • API String ID: 1409584000-438819550
                                                                                                                    • Opcode ID: f2134b68af531f0e0c20300495a79e312751aa696fbf965b1b59ce5619feb879
                                                                                                                    • Instruction ID: f4ca51ebe6ad5e0191b0631743f7a0607aba82da63e58f92c14d1f9f00e49080
                                                                                                                    • Opcode Fuzzy Hash: f2134b68af531f0e0c20300495a79e312751aa696fbf965b1b59ce5619feb879
                                                                                                                    • Instruction Fuzzy Hash: A831A036650219BFDB14AFB4EC69ADEB7ACAF09321F144165F815E21E0DB30DA84CB34
                                                                                                                    APIs
                                                                                                                    • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 00D197BE
                                                                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 00D19819
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00D19824
                                                                                                                    • FindFirstFileW.KERNEL32(*.*,?), ref: 00D19840
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00D19890
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(00D66B7C), ref: 00D198AE
                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00D198B8
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00D198C5
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00D198D5
                                                                                                                      • Part of subcall function 00D0DAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00D0DB00
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                                                                    • String ID: *.*
                                                                                                                    • API String ID: 2640511053-438819550
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00D2C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00D2B6AE,?,?), ref: 00D2C9B5
                                                                                                                      • Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2C9F1
                                                                                                                      • Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2CA68
                                                                                                                      • Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2CA9E
                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00D2BF3E
                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?), ref: 00D2BFA9
                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00D2BFCD
                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 00D2C02C
                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 00D2C0E7
                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00D2C154
                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00D2C1E9
                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,?,?,00000000), ref: 00D2C23A
                                                                                                                    • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,00000000), ref: 00D2C2E3
                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00D2C382
                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00D2C38F
                                                                                                                    Similarity
                                                                                                                    • API ID: QueryValue$Close_wcslen$BuffCharConnectOpenRegistryUpper
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3102970594-0
                                                                                                                    APIs
                                                                                                                    • GetLocalTime.KERNEL32(?), ref: 00D18257
                                                                                                                    • SystemTimeToFileTime.KERNEL32(?,?), ref: 00D18267
                                                                                                                    • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 00D18273
                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00D18310
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00D18324
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00D18356
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00D1838C
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00D18395
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentDirectoryTime$File$Local$System
                                                                                                                    • String ID: *.*
                                                                                                                    • API String ID: 1464919966-438819550
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00CA3A97,?,?,00CA2E7F,?,?,?,00000000), ref: 00CA3AC2
                                                                                                                      • Part of subcall function 00D0E199: GetFileAttributesW.KERNEL32(?,00D0CF95), ref: 00D0E19A
                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00D0D122
                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 00D0D1DD
                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00D0D1F0
                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?), ref: 00D0D20D
                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00D0D237
                                                                                                                      • Part of subcall function 00D0D29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,00D0D21C,?,?), ref: 00D0D2B2
                                                                                                                    • FindClose.KERNEL32(00000000,?,?,?), ref: 00D0D253
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00D0D264
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
                                                                                                                    • String ID: \*.*
                                                                                                                    • API String ID: 1946585618-1173974218
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1737998785-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00D016C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00D0170D
                                                                                                                      • Part of subcall function 00D016C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00D0173A
                                                                                                                      • Part of subcall function 00D016C3: GetLastError.KERNEL32 ref: 00D0174A
                                                                                                                    • ExitWindowsEx.USER32(?,00000000), ref: 00D0E932
                                                                                                                    Similarity
                                                                                                                    • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                    • String ID: $ $@$SeShutdownPrivilege
                                                                                                                    • API String ID: 2234035333-3163812486
                                                                                                                    APIs
                                                                                                                    • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 00D21276
                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00D21283
                                                                                                                    • bind.WSOCK32(00000000,?,00000010), ref: 00D212BA
                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00D212C5
                                                                                                                    • closesocket.WSOCK32(00000000), ref: 00D212F4
                                                                                                                    • listen.WSOCK32(00000000,00000005), ref: 00D21303
                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00D2130D
                                                                                                                    • closesocket.WSOCK32(00000000), ref: 00D2133C
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$closesocket$bindlistensocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 540024437-0
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 00CDB9D4
                                                                                                                    • _free.LIBCMT ref: 00CDB9F8
                                                                                                                    • _free.LIBCMT ref: 00CDBB7F
                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00D43700), ref: 00CDBB91
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00D7121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00CDBC09
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00D71270,000000FF,?,0000003F,00000000,?), ref: 00CDBC36
                                                                                                                    • _free.LIBCMT ref: 00CDBD4B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ByteCharMultiWide$InformationTimeZone
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 314583886-0
                                                                                                                    • Opcode ID: 0e02aa7955f514d2a5fa8d2302d3f40d4b37129f5f372b8af3c890d0fd1c0791
                                                                                                                    • Instruction ID: d0b40e3e47b42f884505ebc0c2a86031a45b91522b23a518e31d1226751a7121
                                                                                                                    • Opcode Fuzzy Hash: 0e02aa7955f514d2a5fa8d2302d3f40d4b37129f5f372b8af3c890d0fd1c0791
                                                                                                                    • Instruction Fuzzy Hash: A8C12675904245EFCB209F69CC51BAABBB8EF41310F16419FE6A8D7352EB309E41E760
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00CA3A97,?,?,00CA2E7F,?,?,?,00000000), ref: 00CA3AC2
                                                                                                                      • Part of subcall function 00D0E199: GetFileAttributesW.KERNEL32(?,00D0CF95), ref: 00D0E19A
                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00D0D420
                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,?), ref: 00D0D470
                                                                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00D0D481
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00D0D498
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00D0D4A1
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                    • String ID: \*.*
                                                                                                                    • API String ID: 2649000838-1173974218
                                                                                                                    • Opcode ID: 3c7b5b6f4a0ab0f1c25db6e4bbbda729a0a40184199cc27fa27890c227a2fa15
                                                                                                                    • Instruction ID: f27ebc318fa1b25c69cc3f7f0ad458bd507f3ed82c8252e4b3bc21330a2ad68d
                                                                                                                    • Opcode Fuzzy Hash: 3c7b5b6f4a0ab0f1c25db6e4bbbda729a0a40184199cc27fa27890c227a2fa15
                                                                                                                    • Instruction Fuzzy Hash: 723180310183469FC300EFA4D8969AFB7A8AE92304F444A1EF4D5931E1EB34EA09D773
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: __floor_pentium4
                                                                                                                    • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                    • API String ID: 4168288129-2761157908
                                                                                                                    • Opcode ID: 60e0478b12312fce15f87e03ce352cff947b999bc4b982a3ca2f900a1ae2ffb4
                                                                                                                    • Instruction ID: eec0c1c873890e31947bc873ed93d50e58d70c8f9b03e305954be7d1cec74961
                                                                                                                    • Opcode Fuzzy Hash: 60e0478b12312fce15f87e03ce352cff947b999bc4b982a3ca2f900a1ae2ffb4
                                                                                                                    • Instruction Fuzzy Hash: FFC23871E086288BDB25DE28DD407EAB7B5FB49304F1541EBD95EE7240E774AE828F40
                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 00D164DC
                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00D16639
                                                                                                                    • CoCreateInstance.OLE32(00D3FCF8,00000000,00000001,00D3FB68,?), ref: 00D16650
                                                                                                                    • CoUninitialize.OLE32 ref: 00D168D4
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                    • String ID: .lnk
                                                                                                                    • API String ID: 886957087-24824748
                                                                                                                    • Opcode ID: 7a9ddbe25f8764a5338a558ffae5d346a527c72a2bfc4537248b26e2ebb7556f
                                                                                                                    • Instruction ID: 4f2a8e6ae66ab3f4a4286010f9276c51905c09c72f4ef6dd44eb0e072962a765
                                                                                                                    • Opcode Fuzzy Hash: 7a9ddbe25f8764a5338a558ffae5d346a527c72a2bfc4537248b26e2ebb7556f
                                                                                                                    • Instruction Fuzzy Hash: E3D14A71508301AFD304EF24D881EABB7E9FF95708F04496DF5958B291DB70E949CBA2
                                                                                                                    APIs
                                                                                                                    • GetForegroundWindow.USER32(?,?,00000000), ref: 00D222E8
                                                                                                                      • Part of subcall function 00D1E4EC: GetWindowRect.USER32(?,?), ref: 00D1E504
                                                                                                                    • GetDesktopWindow.USER32 ref: 00D22312
                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00D22319
                                                                                                                    • mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 00D22355
                                                                                                                    • GetCursorPos.USER32(?), ref: 00D22381
                                                                                                                    • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00D223DF
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Rectmouse_event$CursorDesktopForeground
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2387181109-0
                                                                                                                    • Opcode ID: 4724706a23424810425ff1a490b94de4488a698bf3f4088ddda3fef10be7d720
                                                                                                                    • Instruction ID: d88d1aa177515c1283d2f3db4495b14a0d6f273c194dab76d2293c94a17de0cf
                                                                                                                    • Opcode Fuzzy Hash: 4724706a23424810425ff1a490b94de4488a698bf3f4088ddda3fef10be7d720
                                                                                                                    • Instruction Fuzzy Hash: 7431C272504325AFD720DF54D845BABB7A9FF94314F040A1DF985E7291DB34E908CBA2
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                    • FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 00D19B78
                                                                                                                    • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 00D19C8B
                                                                                                                      • Part of subcall function 00D13874: GetInputState.USER32 ref: 00D138CB
                                                                                                                      • Part of subcall function 00D13874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D13966
                                                                                                                    • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 00D19BA8
                                                                                                                    • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 00D19C75
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
                                                                                                                    • String ID: *.*
                                                                                                                    • API String ID: 1972594611-438819550
                                                                                                                    • Opcode ID: 04f4ca289809a5e3da9364d850b807cd9bed2911fd4fe6dbd5834a648557afac
                                                                                                                    • Instruction ID: c4a9dce84c195563b5bab1157ee3757ad8cda2edc77e62c75eac5b3817d1728a
                                                                                                                    • Opcode Fuzzy Hash: 04f4ca289809a5e3da9364d850b807cd9bed2911fd4fe6dbd5834a648557afac
                                                                                                                    • Instruction Fuzzy Hash: 9C41607194420AAFCF14DF64D9A9AEEBBB9EF05310F244155F845A3291EB309E84DFB0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2
                                                                                                                    • DefDlgProcW.USER32(?,?,?,?,?), ref: 00CB9A4E
                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00CB9B23
                                                                                                                    • SetBkColor.GDI32(?,00000000), ref: 00CB9B36
                                                                                                                    Similarity
                                                                                                                    • API ID: Color$LongProcWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3131106179-0
                                                                                                                    • Opcode ID: 04dec0f553742ffebe11208bda07d778d1906a3cf1422adb42410b8d3d243c0e
                                                                                                                    • Instruction ID: e64ac892bf540f66ce9744ef51485f9576af5ae8d55b47489433d00ed39aeb98
                                                                                                                    • Opcode Fuzzy Hash: 04dec0f553742ffebe11208bda07d778d1906a3cf1422adb42410b8d3d243c0e
                                                                                                                    • Instruction Fuzzy Hash: C6A13B70118558BEE769AB3D8C99EFB369DDF42340F15030AF322D66A1CA359E41E273
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00D2304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00D2307A
                                                                                                                      • Part of subcall function 00D2304E: _wcslen.LIBCMT ref: 00D2309B
                                                                                                                    • socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 00D2185D
                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00D21884
                                                                                                                    • bind.WSOCK32(00000000,?,00000010), ref: 00D218DB
                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00D218E6
                                                                                                                    • closesocket.WSOCK32(00000000), ref: 00D21915
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1601658205-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 292994002-0
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                    • API String ID: 0-1546025612
                                                                                                                    APIs
                                                                                                                    • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 00D0AAAC
                                                                                                                    • SetKeyboardState.USER32(00000080), ref: 00D0AAC8
                                                                                                                    • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 00D0AB36
                                                                                                                    • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 00D0AB88
                                                                                                                    Similarity
                                                                                                                    • API ID: KeyboardState$InputMessagePostSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 432972143-0
                                                                                                                    APIs
                                                                                                                    • InternetReadFile.WININET(?,?,00000400,?), ref: 00D1CE89
                                                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 00D1CEEA
                                                                                                                    • SetEvent.KERNEL32(?,?,00000000), ref: 00D1CEFE
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorEventFileInternetLastRead
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 234945975-0
                                                                                                                    APIs
                                                                                                                    • lstrlenW.KERNEL32(?,?,?,00000000), ref: 00D082AA
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: lstrlen
                                                                                                                    • String ID: ($|
                                                                                                                    • API String ID: 1659193697-1631851259
                                                                                                                    APIs
                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00D15CC1
                                                                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 00D15D17
                                                                                                                    • FindClose.KERNEL32(?), ref: 00D15D5F
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$File$CloseFirstNext
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3541575487-0
                                                                                                                    APIs
                                                                                                                    • IsDebuggerPresent.KERNEL32 ref: 00CD271A
                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00CD2724
                                                                                                                    • UnhandledExceptionFilter.KERNEL32(?), ref: 00CD2731
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3906539128-0
                                                                                                                    APIs
                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 00D151DA
                                                                                                                    • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 00D15238
                                                                                                                    • SetErrorMode.KERNEL32(00000000), ref: 00D152A1
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode$DiskFreeSpace
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1682464887-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CBFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00CC0668
                                                                                                                      • Part of subcall function 00CBFDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00CC0685
                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 00D0170D
                                                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00D0173A
                                                                                                                    • GetLastError.KERNEL32 ref: 00D0174A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Similarity
                                                                                                                    • API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 577356006-0
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00D0D608
                                                                                                                    • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 00D0D645
                                                                                                                    • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 00D0D650
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 33631002-0
                                                                                                                    APIs
                                                                                                                    • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 00D0168C
                                                                                                                    • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 00D016A1
                                                                                                                    • FreeSid.ADVAPI32(?), ref: 00D016B1
                                                                                                                    Similarity
                                                                                                                    • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3429775523-0
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: /
                                                                                                                    • API String ID: 0-2043925204
                                                                                                                    APIs
                                                                                                                    • GetUserNameW.ADVAPI32(?,?), ref: 00CFD28C
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: NameUser
                                                                                                                    • String ID: X64
                                                                                                                    • API String ID: 2645101109-893830106
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    APIs
                                                                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00D16918
                                                                                                                    • FindClose.KERNEL32(00000000), ref: 00D16961
                                                                                                                    Similarity
                                                                                                                    • API ID: Find$CloseFileFirst
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2295610775-0
                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,00D24891,?,?,00000035,?), ref: 00D137E4
                                                                                                                    • FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,00D24891,?,?,00000035,?), ref: 00D137F4
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorFormatLastMessage
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3479602957-0
                                                                                                                    APIs
                                                                                                                    • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 00D0B25D
                                                                                                                    • keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 00D0B270
                                                                                                                    Similarity
                                                                                                                    • API ID: InputSendkeybd_event
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3536248340-0
                                                                                                                    • Opcode ID: 86c53bd30b42a3cf5ee424ead5894331a23d3363d46dfab0a82505764c387ce0
                                                                                                                    • Instruction ID: 394f5f6460132a065d275edb8bb07b32314eb8c4a13928f7b0a1910c3be3f93a
                                                                                                                    • Opcode Fuzzy Hash: 86c53bd30b42a3cf5ee424ead5894331a23d3363d46dfab0a82505764c387ce0
                                                                                                                    • Instruction Fuzzy Hash: 0FF01D7181424DABDB059FA0C805BAE7BB4FF04315F04900AF955A5191C379C6119FA4
                                                                                                                    APIs
                                                                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00D011FC), ref: 00D010D4
                                                                                                                    • CloseHandle.KERNEL32(?,?,00D011FC), ref: 00D010E9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 81990902-0
                                                                                                                    • Opcode ID: 1a7085f034cb27a5a263fabc46e0fef38cc5946f0d51c75b4e48e15e34f97744
                                                                                                                    • Instruction ID: e59b962d92b005a8f49f0e088baab3aaa43cd2a39a2e92401337f0f85f869ea3
                                                                                                                    • Opcode Fuzzy Hash: 1a7085f034cb27a5a263fabc46e0fef38cc5946f0d51c75b4e48e15e34f97744
                                                                                                                    • Instruction Fuzzy Hash: AAE0BF72014750AEE7252B61FC05EB777E9EB04310F14882DF5A5905B1DB62ACA1EB60
                                                                                                                    Strings
                                                                                                                    • Variable is not of type 'Object'., xrefs: 00CF0C40
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: Variable is not of type 'Object'.
                                                                                                                    • API String ID: 0-1840281001
                                                                                                                    • Opcode ID: 6a9b13127e93b320f024f8f8821c5c4db13b09e866db947a37c33b73c68ecfd6
                                                                                                                    • Instruction ID: de4802c200d36af0d5412ad7c9a16716ade9683f0486638fb5ca334604894ae7
                                                                                                                    • Opcode Fuzzy Hash: 6a9b13127e93b320f024f8f8821c5c4db13b09e866db947a37c33b73c68ecfd6
                                                                                                                    • Instruction Fuzzy Hash: 17329A7090021ADFCF14DF94C885AFDB7B5FF06308F248069E916AB292DB35AE45DB61
                                                                                                                    APIs
                                                                                                                    • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,00CD6766,?,?,00000008,?,?,00CDFEFE,00000000), ref: 00CD6998
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionRaise
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3997070919-0
                                                                                                                    • Opcode ID: ca4f50ad80b6a84cba71cebdaef265e5ab2dbe69703a646387e01dbf0cf5573b
                                                                                                                    • Instruction ID: 0b3ea1d68bb04f58d21aac9ff32d6f46105a68920ed3df894bd4d9ad1e6848c9
                                                                                                                    • Opcode Fuzzy Hash: ca4f50ad80b6a84cba71cebdaef265e5ab2dbe69703a646387e01dbf0cf5573b
                                                                                                                    • Instruction Fuzzy Hash: 13B14A316106099FD715CF28C48AB657BE0FF45364F25865AEAE9CF3A2C335EA81DB40
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 0-3916222277
                                                                                                                    • Opcode ID: dd60f4085bc05c737cdf5be1c4af4b83f6ddb121cc1afaa05ad48bfb8ef37d07
                                                                                                                    • Instruction ID: 768f22c4a820c72a9359019050a68883a55db904ad49ee95ff0555574d3ae567
                                                                                                                    • Opcode Fuzzy Hash: dd60f4085bc05c737cdf5be1c4af4b83f6ddb121cc1afaa05ad48bfb8ef37d07
                                                                                                                    • Instruction Fuzzy Hash: C5127E71A002299BDB64CF59C8806FEB7F5FF48310F10819AE949EB251DB709E85CFA1
                                                                                                                    APIs
                                                                                                                    • BlockInput.USER32(00000001), ref: 00D1EABD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: BlockInput
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3456056419-0
                                                                                                                    • Opcode ID: 73966990cdf8a5966e866875e690e0143eef858b9480c81730a9e14c133d4ccc
                                                                                                                    • Instruction ID: c9f65d785cf0b46fa760db41b327ddbea64b17469127c0cef04dbf645b494e65
                                                                                                                    • Opcode Fuzzy Hash: 73966990cdf8a5966e866875e690e0143eef858b9480c81730a9e14c133d4ccc
                                                                                                                    • Instruction Fuzzy Hash: 70E04F32214205AFC710EF69E845E9AF7E9AF99764F048416FC4AD7361DB70EC808BA1
                                                                                                                    APIs
                                                                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,00CC03EE), ref: 00CC09DA
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ExceptionFilterUnhandled
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3192549508-0
                                                                                                                    • Opcode ID: 18b4898833545ab2757a6b4b345049fe7e4e2c30d28c411ae063f180724f9699
                                                                                                                    • Instruction ID: 1b20b1c7169589d335e568f73c26a39a180334010f0106ab48c23874d97b96a8
                                                                                                                    • Opcode Fuzzy Hash: 18b4898833545ab2757a6b4b345049fe7e4e2c30d28c411ae063f180724f9699
                                                                                                                    • Instruction Fuzzy Hash:
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 0-4108050209
                                                                                                                    • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                    • Instruction ID: a57b903c28d125d9c4087abb48c6d0014ba974e88435184ab29152bacb84f7f1
                                                                                                                    • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                    • Instruction Fuzzy Hash: 5051756160C6055BDF388629C95AFBF2399DB12340F18070DEAA2EB6C2C625DF45EF52
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 9826ab65b07dd3bb65fc7d20d62bff264078b217e8482768c522ac57c030f916
                                                                                                                    • Instruction ID: e86eb8c79b34a1ad8f2d0cf5ea0842e2ab52c91015115354eb10a13cb40023df
                                                                                                                    • Opcode Fuzzy Hash: 9826ab65b07dd3bb65fc7d20d62bff264078b217e8482768c522ac57c030f916
                                                                                                                    • Instruction Fuzzy Hash: 0C321326D29F014EDB239A34D862335A249AFB73C5F55C737F82AB5AA5FB39C5834100
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 973e589a0e05a889cde96530e2ab012e559f46c1ad1709d5944665a16a99867f
                                                                                                                    • Instruction ID: a55f9771de67f94c4409d2f8025943f45b63dd3baffb2f0a6b5ee7a51443124f
                                                                                                                    • Opcode Fuzzy Hash: 973e589a0e05a889cde96530e2ab012e559f46c1ad1709d5944665a16a99867f
                                                                                                                    • Instruction Fuzzy Hash: D6321631B0411D8BDF68CF2DC6D46BD7BA1EB45300F28856AD66ACB295D230DE81EB52
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: ceed28e8b00c03e6b04946cfac9dc3b5cb189855ff050c949691bc8a36d51b3e
                                                                                                                    • Instruction ID: 341083f5d1495b33822acb87cf8e91a703195a7caa3c3df661c3752870b03fde
                                                                                                                    • Opcode Fuzzy Hash: ceed28e8b00c03e6b04946cfac9dc3b5cb189855ff050c949691bc8a36d51b3e
                                                                                                                    • Instruction Fuzzy Hash: 9E22B1B0A0064ADFDF14CF65D981AEEB3F5FF45308F204629E816A7291EB359E11DB60
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 49ff576bd3b40074900321cac6367a7599bf5652f4018561c187e7a46ca44716
                                                                                                                    • Instruction ID: 95b22b3cba219d0105bfaa0ef54bad0790305f4b5dfc8c01a0c95db44e663e4d
                                                                                                                    • Opcode Fuzzy Hash: 49ff576bd3b40074900321cac6367a7599bf5652f4018561c187e7a46ca44716
                                                                                                                    • Instruction Fuzzy Hash: DD02B6B0E00246EBDB04DF65D881AAEB7B5FF44344F208169E816DB391EB31EE11DB95
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: e26cdaae59d6f116cb56c2d49cdf34436d56b257955484ca2a0cd4e7dc874d8b
                                                                                                                    • Instruction ID: 50cb3ada8cfffbf50bf92dcb73b7fe1f8d3dc0b3a79f4a7bf0c59357f184d877
                                                                                                                    • Opcode Fuzzy Hash: e26cdaae59d6f116cb56c2d49cdf34436d56b257955484ca2a0cd4e7dc874d8b
                                                                                                                    • Instruction Fuzzy Hash: 0EB10425D2AF404ED3239B398835336B65CAFBB6D5F51D71BFC16B4E62EB2286834140
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                    • Instruction ID: aad0dfc7937d5e211b0a38e10825c2f40727e655b1819483396eac13136814b0
                                                                                                                    • Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
                                                                                                                    • Instruction Fuzzy Hash: 959157725080A34AD72A463BC574A7DFFE15A533A131D079DECF3CA1C6EE24CA65D620
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                    • Instruction ID: ab90d0a0571dc54c657c796f59872bae87671b80a0a19a7306fdc66b5e1e7c90
                                                                                                                    • Opcode Fuzzy Hash: 05e0b846b00456d0f1e87463b9d189974beed2fe63262d4392584e128a114ea2
                                                                                                                    • Instruction Fuzzy Hash: 1B916B721090A349DB69467FC57493DFFE15A933A131E079ED8F2CB1C6EE24CA54D620
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                    • Instruction ID: 4946d0021240dce2e319e0f867d1c4e0ce7d64192ee87fdab6b525e51916d51b
                                                                                                                    • Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
                                                                                                                    • Instruction Fuzzy Hash: 329125722090A34EDB2D467BC57493DFFE15A933A131D079DD8F2CA1C2FD24CA65AA20
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 8b46efd753f4801304fdfdc76f62ec9e9fc8e47ed918d2463160761e52360511
                                                                                                                    • Instruction ID: b64e7d45d99f10e22fbd83722f91230f146046bdc1a12ae3ac4758c13561cb40
                                                                                                                    • Opcode Fuzzy Hash: 8b46efd753f4801304fdfdc76f62ec9e9fc8e47ed918d2463160761e52360511
                                                                                                                    • Instruction Fuzzy Hash: 12616671608709A7DF349A28C9B6FBF2394DF41710F101B5EE863CB281DA119F82AF55
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 1c27747832112b3605ba2cb41664d96f2e837838c49e97df6f1d34573f1ed724
                                                                                                                    • Instruction ID: ecb8fd468c33d8d1c95b1a3261217f1ba4790c17a61213c848d0cde452a9ca79
                                                                                                                    • Opcode Fuzzy Hash: 1c27747832112b3605ba2cb41664d96f2e837838c49e97df6f1d34573f1ed724
                                                                                                                    • Instruction Fuzzy Hash: 24617A726087096BDE385A28C856FBF2394EF42740F100B5EF853DB681DA12EF46DE55
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                    • Instruction ID: 8e9516affb2bfb7095b9baad6bb6951176559e8a5f16476765b5e847aabfa27f
                                                                                                                    • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                    • Instruction Fuzzy Hash: ED81447250D0A349DB69463BC574A3EFFE15A933A131E079DD8F2CA1C3EE24D654E620
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 95822b9821b64f073c44fef441cb6fd47243b854d6573f9c6f224b9881a6d986
                                                                                                                    • Instruction ID: 1247e2233fb19b2fc8e79c203144fb85e651bbf5253c92195db5c2588ae7caa6
                                                                                                                    • Opcode Fuzzy Hash: 95822b9821b64f073c44fef441cb6fd47243b854d6573f9c6f224b9881a6d986
                                                                                                                    • Instruction Fuzzy Hash: 9421BB326206118BD728CF79C8236BE73E5E754310F19862EE4A7C37D1DE36A944C750
                                                                                                                    APIs
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00D22B30
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00D22B43
                                                                                                                    • DestroyWindow.USER32 ref: 00D22B52
                                                                                                                    • GetDesktopWindow.USER32 ref: 00D22B6D
                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00D22B74
                                                                                                                    • SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 00D22CA3
                                                                                                                    • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 00D22CB1
                                                                                                                    • CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22CF8
                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00D22D04
                                                                                                                    • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00D22D40
                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22D62
                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22D75
                                                                                                                    • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22D80
                                                                                                                    • GlobalLock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22D89
                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22D98
                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22DA1
                                                                                                                    • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22DA8
                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00D22DB3
                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22DC5
                                                                                                                    • OleLoadPicture.OLEAUT32(?,00000000,00000000,00D3FC38,00000000), ref: 00D22DDB
                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00D22DEB
                                                                                                                    • CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 00D22E11
                                                                                                                    • SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 00D22E30
                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D22E52
                                                                                                                    • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00D2303F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                    • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                    • API String ID: 2211948467-2373415609
                                                                                                                    APIs
                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00D3712F
                                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00D37160
                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00D3716C
                                                                                                                    • SetBkColor.GDI32(?,000000FF), ref: 00D37186
                                                                                                                    • SelectObject.GDI32(?,?), ref: 00D37195
                                                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 00D371C0
                                                                                                                    • GetSysColor.USER32(00000010), ref: 00D371C8
                                                                                                                    • CreateSolidBrush.GDI32(00000000), ref: 00D371CF
                                                                                                                    • FrameRect.USER32(?,?,00000000), ref: 00D371DE
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00D371E5
                                                                                                                    • InflateRect.USER32(?,000000FE,000000FE), ref: 00D37230
                                                                                                                    • FillRect.USER32(?,?,?), ref: 00D37262
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00D37284
                                                                                                                      • Part of subcall function 00D373E8: GetSysColor.USER32(00000012), ref: 00D37421
                                                                                                                      • Part of subcall function 00D373E8: SetTextColor.GDI32(?,?), ref: 00D37425
                                                                                                                      • Part of subcall function 00D373E8: GetSysColorBrush.USER32(0000000F), ref: 00D3743B
                                                                                                                      • Part of subcall function 00D373E8: GetSysColor.USER32(0000000F), ref: 00D37446
                                                                                                                      • Part of subcall function 00D373E8: GetSysColor.USER32(00000011), ref: 00D37463
                                                                                                                      • Part of subcall function 00D373E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00D37471
                                                                                                                      • Part of subcall function 00D373E8: SelectObject.GDI32(?,00000000), ref: 00D37482
                                                                                                                      • Part of subcall function 00D373E8: SetBkColor.GDI32(?,00000000), ref: 00D3748B
                                                                                                                      • Part of subcall function 00D373E8: SelectObject.GDI32(?,?), ref: 00D37498
                                                                                                                      • Part of subcall function 00D373E8: InflateRect.USER32(?,000000FF,000000FF), ref: 00D374B7
                                                                                                                      • Part of subcall function 00D373E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00D374CE
                                                                                                                      • Part of subcall function 00D373E8: GetWindowLongW.USER32(00000000,000000F0), ref: 00D374DB
                                                                                                                    Similarity
                                                                                                                    • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4124339563-0
                                                                                                                    APIs
                                                                                                                    • DestroyWindow.USER32(?,?), ref: 00CB8E14
                                                                                                                    • SendMessageW.USER32(?,00001308,?,00000000), ref: 00CF6AC5
                                                                                                                    • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 00CF6AFE
                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 00CF6F43
                                                                                                                      • Part of subcall function 00CB8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00CB8BE8,?,00000000,?,?,?,?,00CB8BBA,00000000,?), ref: 00CB8FC5
                                                                                                                    • SendMessageW.USER32(?,00001053), ref: 00CF6F7F
                                                                                                                    • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 00CF6F96
                                                                                                                    • ImageList_Destroy.COMCTL32(00000000,?), ref: 00CF6FAC
                                                                                                                    • ImageList_Destroy.COMCTL32(00000000,?), ref: 00CF6FB7
                                                                                                                    Similarity
                                                                                                                    • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 2760611726-4108050209
                                                                                                                    APIs
                                                                                                                    • DestroyWindow.USER32(00000000), ref: 00D2273E
                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00D2286A
                                                                                                                    • SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 00D228A9
                                                                                                                    • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00D228B9
                                                                                                                    • CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 00D22900
                                                                                                                    • GetClientRect.USER32(00000000,?), ref: 00D2290C
                                                                                                                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 00D22955
                                                                                                                    • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00D22964
                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00D22974
                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00D22978
                                                                                                                    • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 00D22988
                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D22991
                                                                                                                    • DeleteDC.GDI32(00000000), ref: 00D2299A
                                                                                                                    • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00D229C6
                                                                                                                    • SendMessageW.USER32(00000030,00000000,00000001), ref: 00D229DD
                                                                                                                    • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 00D22A1D
                                                                                                                    • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00D22A31
                                                                                                                    • SendMessageW.USER32(00000404,00000001,00000000), ref: 00D22A42
                                                                                                                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 00D22A77
                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00D22A82
                                                                                                                    • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 00D22A8D
                                                                                                                    • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 00D22A97
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                    • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                    • API String ID: 2910397461-517079104
                                                                                                                    APIs
                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 00D14AED
                                                                                                                    • GetDriveTypeW.KERNEL32(?,00D3CB68,?,\\.\,00D3CC08), ref: 00D14BCA
                                                                                                                    • SetErrorMode.KERNEL32(00000000,00D3CB68,?,\\.\,00D3CC08), ref: 00D14D36
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode$DriveType
                                                                                                                    • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                    • API String ID: 2907320926-4222207086
                                                                                                                    • Opcode ID: 62cc59eb12b90d245a1f8558a73379185533baf9c10a7dcd8d52de934952790a
                                                                                                                    • Instruction ID: cf3046f2f6decd46c98e552bb49647cd38b523841248264ad7c6775c038771d1
                                                                                                                    • Opcode Fuzzy Hash: 62cc59eb12b90d245a1f8558a73379185533baf9c10a7dcd8d52de934952790a
                                                                                                                    • Instruction Fuzzy Hash: B461A370605206FFCB04DF24EA82DE9B7A2EF45744B284015F846AB291DF35DD85EBB1
                                                                                                                    APIs
                                                                                                                    • GetSysColor.USER32(00000012), ref: 00D37421
                                                                                                                    • SetTextColor.GDI32(?,?), ref: 00D37425
                                                                                                                    • GetSysColorBrush.USER32(0000000F), ref: 00D3743B
                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00D37446
                                                                                                                    • CreateSolidBrush.GDI32(?), ref: 00D3744B
                                                                                                                    • GetSysColor.USER32(00000011), ref: 00D37463
                                                                                                                    • CreatePen.GDI32(00000000,00000001,00743C00), ref: 00D37471
                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00D37482
                                                                                                                    • SetBkColor.GDI32(?,00000000), ref: 00D3748B
                                                                                                                    • SelectObject.GDI32(?,?), ref: 00D37498
                                                                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 00D374B7
                                                                                                                    • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 00D374CE
                                                                                                                    • GetWindowLongW.USER32(00000000,000000F0), ref: 00D374DB
                                                                                                                    • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00D3752A
                                                                                                                    • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00D37554
                                                                                                                    • InflateRect.USER32(?,000000FD,000000FD), ref: 00D37572
                                                                                                                    • DrawFocusRect.USER32(?,?), ref: 00D3757D
                                                                                                                    • GetSysColor.USER32(00000011), ref: 00D3758E
                                                                                                                    • SetTextColor.GDI32(?,00000000), ref: 00D37596
                                                                                                                    • DrawTextW.USER32(?,00D370F5,000000FF,?,00000000), ref: 00D375A8
                                                                                                                    • SelectObject.GDI32(?,?), ref: 00D375BF
                                                                                                                    • DeleteObject.GDI32(?), ref: 00D375CA
                                                                                                                    • SelectObject.GDI32(?,?), ref: 00D375D0
                                                                                                                    • DeleteObject.GDI32(?), ref: 00D375D5
                                                                                                                    • SetTextColor.GDI32(?,?), ref: 00D375DB
                                                                                                                    • SetBkColor.GDI32(?,?), ref: 00D375E5
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1996641542-0
                                                                                                                    • Opcode ID: 8895d09a9eb4e22f45924236765c248fb3ef18ce4a11993c4473780edbd9e508
                                                                                                                    • Instruction ID: 1a2f6aa369c1b2c21c825a67a8e66cf15d43ae9a91650506bfc8e01678ff24ea
                                                                                                                    • Opcode Fuzzy Hash: 8895d09a9eb4e22f45924236765c248fb3ef18ce4a11993c4473780edbd9e508
                                                                                                                    • Instruction Fuzzy Hash: 5A617B72900218AFDF119FA4DC49EEEBFB9EB08360F145115F911FB2A1D775A940DBA0
                                                                                                                    APIs
                                                                                                                    • GetCursorPos.USER32(?), ref: 00D31128
                                                                                                                    • GetDesktopWindow.USER32 ref: 00D3113D
                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00D31144
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00D31199
                                                                                                                    • DestroyWindow.USER32(?), ref: 00D311B9
                                                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00D311ED
                                                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00D3120B
                                                                                                                    • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00D3121D
                                                                                                                    • SendMessageW.USER32(00000000,00000421,?,?), ref: 00D31232
                                                                                                                    • SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00D31245
                                                                                                                    • IsWindowVisible.USER32(00000000), ref: 00D312A1
                                                                                                                    • SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 00D312BC
                                                                                                                    • SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 00D312D0
                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00D312E8
                                                                                                                    • MonitorFromPoint.USER32(?,?,00000002), ref: 00D3130E
                                                                                                                    • GetMonitorInfoW.USER32(00000000,?), ref: 00D31328
                                                                                                                    • CopyRect.USER32(?,?), ref: 00D3133F
                                                                                                                    • SendMessageW.USER32(00000000,00000412,00000000), ref: 00D313AA
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                    • String ID: ($0$tooltips_class32
                                                                                                                    • API String ID: 698492251-4156429822
                                                                                                                    • Opcode ID: e65503f23a3f0e75c0f7bd65c2c5c3eb16eec1b63eab33c05dcb043838d4cb51
                                                                                                                    • Instruction ID: 7b2831abb9199ae1f16f374446854edc382511ec9b20591822382afa301eda6a
                                                                                                                    • Opcode Fuzzy Hash: e65503f23a3f0e75c0f7bd65c2c5c3eb16eec1b63eab33c05dcb043838d4cb51
                                                                                                                    • Instruction Fuzzy Hash: 7DB19C75608342AFD714DF64C885BABBBE4FF85354F048918F999AB2A1C731EC44CBA1
                                                                                                                    APIs
                                                                                                                    • CharUpperBuffW.USER32(?,?), ref: 00D302E5
                                                                                                                    • _wcslen.LIBCMT ref: 00D3031F
                                                                                                                    • _wcslen.LIBCMT ref: 00D30389
                                                                                                                    • _wcslen.LIBCMT ref: 00D303F1
                                                                                                                    • _wcslen.LIBCMT ref: 00D30475
                                                                                                                    • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 00D304C5
                                                                                                                    • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00D30504
                                                                                                                      • Part of subcall function 00CBF9F2: _wcslen.LIBCMT ref: 00CBF9FD
                                                                                                                      • Part of subcall function 00D0223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00D02258
                                                                                                                      • Part of subcall function 00D0223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00D0228A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                    • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                    • API String ID: 1103490817-719923060
                                                                                                                    • Opcode ID: 7f4ff3d3407302a63b673d97bb06f2daba9ed57d85ee35ca0534c596a082cacc
                                                                                                                    • Instruction ID: c9abcf384ec1ce192a40bc30b822e6076acddc8873ea3639a14d536543170b86
                                                                                                                    • Opcode Fuzzy Hash: 7f4ff3d3407302a63b673d97bb06f2daba9ed57d85ee35ca0534c596a082cacc
                                                                                                                    • Instruction Fuzzy Hash: 80E1B0316183018FC714DF24C86196EBBE6BF88718F18495CF8969B3A6DB30ED45DBA1
                                                                                                                    APIs
                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00CB8968
                                                                                                                    • GetSystemMetrics.USER32(00000007), ref: 00CB8970
                                                                                                                    • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00CB899B
                                                                                                                    • GetSystemMetrics.USER32(00000008), ref: 00CB89A3
                                                                                                                    • GetSystemMetrics.USER32(00000004), ref: 00CB89C8
                                                                                                                    • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00CB89E5
                                                                                                                    • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00CB89F5
                                                                                                                    • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00CB8A28
                                                                                                                    • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00CB8A3C
                                                                                                                    • GetClientRect.USER32(00000000,000000FF), ref: 00CB8A5A
                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00CB8A76
                                                                                                                    • SendMessageW.USER32(00000000,00000030,00000000), ref: 00CB8A81
                                                                                                                      • Part of subcall function 00CB912D: GetCursorPos.USER32(?), ref: 00CB9141
                                                                                                                      • Part of subcall function 00CB912D: ScreenToClient.USER32(00000000,?), ref: 00CB915E
                                                                                                                      • Part of subcall function 00CB912D: GetAsyncKeyState.USER32(00000001), ref: 00CB9183
                                                                                                                      • Part of subcall function 00CB912D: GetAsyncKeyState.USER32(00000002), ref: 00CB919D
                                                                                                                    • SetTimer.USER32(00000000,00000000,00000028,00CB90FC), ref: 00CB8AA8
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                    • String ID: AutoIt v3 GUI
                                                                                                                    • API String ID: 1458621304-248962490
                                                                                                                    • Opcode ID: 5515a4502a4546e04a562256cae8cb2719d9e64f88d9e034a5e19f5633af0279
                                                                                                                    • Instruction ID: 27b535cba7f5a7ff6215421739c468d41b5fb08838324bf84fd92f6d65792b69
                                                                                                                    • Opcode Fuzzy Hash: 5515a4502a4546e04a562256cae8cb2719d9e64f88d9e034a5e19f5633af0279
                                                                                                                    • Instruction Fuzzy Hash: 66B12975A0020AAFDF14DFA8DC45BEA7BB5FB48314F104229FA25E7290DB74A941CF61
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00D010F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00D01114
                                                                                                                      • Part of subcall function 00D010F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D01120
                                                                                                                      • Part of subcall function 00D010F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D0112F
                                                                                                                      • Part of subcall function 00D010F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D01136
                                                                                                                      • Part of subcall function 00D010F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00D0114D
                                                                                                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00D00DF5
                                                                                                                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00D00E29
                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00D00E40
                                                                                                                    • GetAce.ADVAPI32(?,00000000,?), ref: 00D00E7A
                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00D00E96
                                                                                                                    • GetLengthSid.ADVAPI32(?), ref: 00D00EAD
                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000008), ref: 00D00EB5
                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00D00EBC
                                                                                                                    • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00D00EDD
                                                                                                                    • CopySid.ADVAPI32(00000000), ref: 00D00EE4
                                                                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00D00F13
                                                                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00D00F35
                                                                                                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00D00F47
                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D00F6E
                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00D00F75
                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D00F7E
                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00D00F85
                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D00F8E
                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00D00F95
                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 00D00FA1
                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00D00FA8
                                                                                                                      • Part of subcall function 00D01193: GetProcessHeap.KERNEL32(00000008,00D00BB1,?,00000000,?,00D00BB1,?), ref: 00D011A1
                                                                                                                      • Part of subcall function 00D01193: HeapAlloc.KERNEL32(00000000,?,00000000,?,00D00BB1,?), ref: 00D011A8
                                                                                                                      • Part of subcall function 00D01193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,00D00BB1,?), ref: 00D011B7
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4175595110-0
                                                                                                                    APIs
                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00D2C4BD
                                                                                                                    • RegCreateKeyExW.ADVAPI32(?,?,00000000,00D3CC08,00000000,?,00000000,?,?), ref: 00D2C544
                                                                                                                    • RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 00D2C5A4
                                                                                                                    • _wcslen.LIBCMT ref: 00D2C5F4
                                                                                                                    • _wcslen.LIBCMT ref: 00D2C66F
                                                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 00D2C6B2
                                                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 00D2C7C1
                                                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 00D2C84D
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00D2C881
                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00D2C88E
                                                                                                                    • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 00D2C960
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Value$Close$_wcslen$ConnectCreateRegistry
                                                                                                                    • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                    • API String ID: 9721498-966354055
                                                                                                                    APIs
                                                                                                                    • CharUpperBuffW.USER32(?,?), ref: 00D309C6
                                                                                                                    • _wcslen.LIBCMT ref: 00D30A01
                                                                                                                    • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00D30A54
                                                                                                                    • _wcslen.LIBCMT ref: 00D30A8A
                                                                                                                    • _wcslen.LIBCMT ref: 00D30B06
                                                                                                                    • _wcslen.LIBCMT ref: 00D30B81
                                                                                                                      • Part of subcall function 00CBF9F2: _wcslen.LIBCMT ref: 00CBF9FD
                                                                                                                      • Part of subcall function 00D02BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00D02BFA
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                    • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                    • API String ID: 1103490817-4258414348
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$BuffCharUpper
                                                                                                                    • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                    • API String ID: 1256254125-909552448
                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 00D3835A
                                                                                                                    • _wcslen.LIBCMT ref: 00D3836E
                                                                                                                    • _wcslen.LIBCMT ref: 00D38391
                                                                                                                    • _wcslen.LIBCMT ref: 00D383B4
                                                                                                                    • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 00D383F2
                                                                                                                    • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00D35BF2), ref: 00D3844E
                                                                                                                    • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00D38487
                                                                                                                    • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 00D384CA
                                                                                                                    • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00D38501
                                                                                                                    • FreeLibrary.KERNEL32(?), ref: 00D3850D
                                                                                                                    • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 00D3851D
                                                                                                                    • DestroyIcon.USER32(?,?,?,?,?,00D35BF2), ref: 00D3852C
                                                                                                                    • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00D38549
                                                                                                                    • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00D38555
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                    • String ID: .dll$.exe$.icl
                                                                                                                    • API String ID: 799131459-1154884017
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                    • API String ID: 0-1645009161
                                                                                                                    APIs
                                                                                                                    • CharLowerBuffW.USER32(?,?), ref: 00D13EF8
                                                                                                                    • _wcslen.LIBCMT ref: 00D13F03
                                                                                                                    • _wcslen.LIBCMT ref: 00D13F5A
                                                                                                                    • _wcslen.LIBCMT ref: 00D13F98
                                                                                                                    • GetDriveTypeW.KERNEL32(?), ref: 00D13FD6
                                                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00D1401E
                                                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00D14059
                                                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00D14087
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: SendString_wcslen$BuffCharDriveLowerType
                                                                                                                    • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                    • API String ID: 1839972693-4113822522
                                                                                                                    • Opcode ID: 98e6f694fb4d256011d993726ae7b8a35c19ba4f2a9babc75f4812123dde8b29
                                                                                                                    • Instruction ID: d950fbbd711b99c60575374d84fe6309d40ef8a08c399604e92dbd1889bc73f3
                                                                                                                    • Opcode Fuzzy Hash: 98e6f694fb4d256011d993726ae7b8a35c19ba4f2a9babc75f4812123dde8b29
                                                                                                                    • Instruction Fuzzy Hash: B671E331604312AFC710EF24D8818AAB7F4EF99758F14492DF89697251EB31DD8ACBA1
                                                                                                                    APIs
                                                                                                                    • LoadIconW.USER32(00000063), ref: 00D05A2E
                                                                                                                    • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 00D05A40
                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00D05A57
                                                                                                                    • GetDlgItem.USER32(?,000003EA), ref: 00D05A6C
                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00D05A72
                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 00D05A82
                                                                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00D05A88
                                                                                                                    • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 00D05AA9
                                                                                                                    • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 00D05AC3
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00D05ACC
                                                                                                                    • _wcslen.LIBCMT ref: 00D05B33
                                                                                                                    • SetWindowTextW.USER32(?,?), ref: 00D05B6F
                                                                                                                    • GetDesktopWindow.USER32 ref: 00D05B75
                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00D05B7C
                                                                                                                    • MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 00D05BD3
                                                                                                                    • GetClientRect.USER32(?,?), ref: 00D05BE0
                                                                                                                    • PostMessageW.USER32(?,00000005,00000000,?), ref: 00D05C05
                                                                                                                    • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 00D05C2F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 895679908-0
                                                                                                                    • Opcode ID: b136a0cdaa96a3dcac88cf3c7bcc21137aec8408f3070b7d4c790d59efc411e1
                                                                                                                    • Instruction ID: d8314658f5cbf406bbb00f9829ecb2eb0fc2e9d5dc727d58b9e27e5e2abc8aa6
                                                                                                                    • Opcode Fuzzy Hash: b136a0cdaa96a3dcac88cf3c7bcc21137aec8408f3070b7d4c790d59efc411e1
                                                                                                                    • Instruction Fuzzy Hash: 37714A31900B09AFDB20DFA8DD45BAEBBF5EB48704F144518E986A26A4D775E940CF60
                                                                                                                    APIs
                                                                                                                    • LoadCursorW.USER32(00000000,00007F89), ref: 00D1FE27
                                                                                                                    • LoadCursorW.USER32(00000000,00007F8A), ref: 00D1FE32
                                                                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 00D1FE3D
                                                                                                                    • LoadCursorW.USER32(00000000,00007F03), ref: 00D1FE48
                                                                                                                    • LoadCursorW.USER32(00000000,00007F8B), ref: 00D1FE53
                                                                                                                    • LoadCursorW.USER32(00000000,00007F01), ref: 00D1FE5E
                                                                                                                    • LoadCursorW.USER32(00000000,00007F81), ref: 00D1FE69
                                                                                                                    • LoadCursorW.USER32(00000000,00007F88), ref: 00D1FE74
                                                                                                                    • LoadCursorW.USER32(00000000,00007F80), ref: 00D1FE7F
                                                                                                                    • LoadCursorW.USER32(00000000,00007F86), ref: 00D1FE8A
                                                                                                                    • LoadCursorW.USER32(00000000,00007F83), ref: 00D1FE95
                                                                                                                    • LoadCursorW.USER32(00000000,00007F85), ref: 00D1FEA0
                                                                                                                    • LoadCursorW.USER32(00000000,00007F82), ref: 00D1FEAB
                                                                                                                    • LoadCursorW.USER32(00000000,00007F84), ref: 00D1FEB6
                                                                                                                    • LoadCursorW.USER32(00000000,00007F04), ref: 00D1FEC1
                                                                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 00D1FECC
                                                                                                                    • GetCursorInfo.USER32(?), ref: 00D1FEDC
                                                                                                                    • GetLastError.KERNEL32 ref: 00D1FF1E
                                                                                                                    Similarity
                                                                                                                    • API ID: Cursor$Load$ErrorInfoLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3215588206-0
                                                                                                                    • Opcode ID: bdd5348f3c0cb775a703fba372454c74b783f408e62dc8994332c47ada6a16bc
                                                                                                                    • Instruction ID: 25da7415ac9ec6c08f420e9fb33ed3a61e743dd2e7c92845435c60dd9a6e5434
                                                                                                                    • Opcode Fuzzy Hash: bdd5348f3c0cb775a703fba372454c74b783f408e62dc8994332c47ada6a16bc
                                                                                                                    • Instruction Fuzzy Hash: 394161B0D083196ADB109FBA9C8985EBFE8FF04354B54452AE119E7291DB78A941CFA0
                                                                                                                    APIs
                                                                                                                    • __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 00CC00C6
                                                                                                                      • Part of subcall function 00CC00ED: InitializeCriticalSectionAndSpinCount.KERNEL32(00D7070C,00000FA0,030F1163,?,?,?,?,00CE23B3,000000FF), ref: 00CC011C
                                                                                                                      • Part of subcall function 00CC00ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,00CE23B3,000000FF), ref: 00CC0127
                                                                                                                      • Part of subcall function 00CC00ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,00CE23B3,000000FF), ref: 00CC0138
                                                                                                                      • Part of subcall function 00CC00ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 00CC014E
                                                                                                                      • Part of subcall function 00CC00ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 00CC015C
                                                                                                                      • Part of subcall function 00CC00ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 00CC016A
                                                                                                                      • Part of subcall function 00CC00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00CC0195
                                                                                                                      • Part of subcall function 00CC00ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00CC01A0
                                                                                                                    • ___scrt_fastfail.LIBCMT ref: 00CC00E7
                                                                                                                      • Part of subcall function 00CC00A3: __onexit.LIBCMT ref: 00CC00A9
                                                                                                                    Strings
                                                                                                                    • kernel32.dll, xrefs: 00CC0133
                                                                                                                    • WakeAllConditionVariable, xrefs: 00CC0162
                                                                                                                    • InitializeConditionVariable, xrefs: 00CC0148
                                                                                                                    • api-ms-win-core-synch-l1-2-0.dll, xrefs: 00CC0122
                                                                                                                    • SleepConditionVariableCS, xrefs: 00CC0154
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
                                                                                                                    • String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
                                                                                                                    • API String ID: 66158676-1714406822
                                                                                                                    • Opcode ID: dd8176a3b03b03b9520452313d437de1398a12d5dfdbe32d9b5199271203e925
                                                                                                                    • Instruction ID: fde1d35d1f610a9ce317e4e1f896199d0f9f58162f3df752ce00edff3bfa26f9
                                                                                                                    • Opcode Fuzzy Hash: dd8176a3b03b03b9520452313d437de1398a12d5dfdbe32d9b5199271203e925
                                                                                                                    • Instruction Fuzzy Hash: FD21F632A44710EFE7115BA4EC0AF6EB7A8DB04B61F24013DF815E23D1DBB09C009AB0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                    • API String ID: 176396367-1603158881
                                                                                                                    • Opcode ID: 71b8f02a73055f1e75a3b95b96e5f666fc9b52a09bf72f89daa63dd3028aaf5d
                                                                                                                    • Instruction ID: d409a885a5b9411ad61e7e5b6b437338b94dd0e25a2ad8f3a943beba4f715d6a
                                                                                                                    • Opcode Fuzzy Hash: 71b8f02a73055f1e75a3b95b96e5f666fc9b52a09bf72f89daa63dd3028aaf5d
                                                                                                                    • Instruction Fuzzy Hash: D5E1B631A00616AFCB18DF78C855BEDBBB8BF54710F588119E45AB7290DB30AE85D7B0
                                                                                                                    APIs
                                                                                                                    • CharLowerBuffW.USER32(00000000,00000000,00D3CC08), ref: 00D14527
                                                                                                                    • _wcslen.LIBCMT ref: 00D1453B
                                                                                                                    • _wcslen.LIBCMT ref: 00D14599
                                                                                                                    • _wcslen.LIBCMT ref: 00D145F4
                                                                                                                    • _wcslen.LIBCMT ref: 00D1463F
                                                                                                                    • _wcslen.LIBCMT ref: 00D146A7
                                                                                                                      • Part of subcall function 00CBF9F2: _wcslen.LIBCMT ref: 00CBF9FD
                                                                                                                    • GetDriveTypeW.KERNEL32(?,00D66BF0,00000061), ref: 00D14743
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                    • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                    • API String ID: 2055661098-1000479233
                                                                                                                    • Opcode ID: 4525d3c0c14d2a590475d8e14639f7357595bcaf845248782a934b27255ae68d
                                                                                                                    • Instruction ID: 221aaffe8fd132560dcf6fc61617fd8ed99be1367127ec12c7009272d09dab0a
                                                                                                                    • Opcode Fuzzy Hash: 4525d3c0c14d2a590475d8e14639f7357595bcaf845248782a934b27255ae68d
                                                                                                                    • Instruction Fuzzy Hash: 96B1E571608302AFC710DF28E890AAEB7E5BF96764F54891DF496C7291DB30D885C7B2
                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 00D2B198
                                                                                                                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00D2B1B0
                                                                                                                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00D2B1D4
                                                                                                                    • _wcslen.LIBCMT ref: 00D2B200
                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00D2B214
                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00D2B236
                                                                                                                    • _wcslen.LIBCMT ref: 00D2B332
                                                                                                                      • Part of subcall function 00D105A7: GetStdHandle.KERNEL32(000000F6), ref: 00D105C6
                                                                                                                    • _wcslen.LIBCMT ref: 00D2B34B
                                                                                                                    • _wcslen.LIBCMT ref: 00D2B366
                                                                                                                    • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00D2B3B6
                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 00D2B407
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D2B439
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00D2B44A
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00D2B45C
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00D2B46E
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D2B4E3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2178637699-0
                                                                                                                    • Opcode ID: f2a864b8564c35340b09b3e06fe00d99982ef3aa417d80a395d0dbcd2efc9b6a
                                                                                                                    • Instruction ID: 46dc00a78bccf2dfd4424939369b9c840b04c59a9468470192deb6de4e13d63e
                                                                                                                    • Opcode Fuzzy Hash: f2a864b8564c35340b09b3e06fe00d99982ef3aa417d80a395d0dbcd2efc9b6a
                                                                                                                    • Instruction Fuzzy Hash: E4F1BD315043119FC714EF24D891B6EBBE5BF85328F18855EF8959B2A2CB71EC41CB62
                                                                                                                    APIs
                                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,00D3CC08), ref: 00D240BB
                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00D240CD
                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,00D3CC08), ref: 00D240F2
                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,00D3CC08), ref: 00D2413E
                                                                                                                    • StringFromGUID2.OLE32(?,?,00000028,?,00D3CC08), ref: 00D241A8
                                                                                                                    • SysFreeString.OLEAUT32(00000009), ref: 00D24262
                                                                                                                    • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00D242C8
                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00D242F2
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeString$Library$AddressFileFromLoadModuleNamePathProcQueryType
                                                                                                                    • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                    • API String ID: 354098117-199464113
                                                                                                                    • Opcode ID: 3e6702e2ff79f49c07d5669833f236e8d08fc6dbcdd7f9eb13faad8ddb46466a
                                                                                                                    • Instruction ID: 60aa802e540208322c98a36bdf403fc18ba0cdc5e5657949708471fd546dc758
                                                                                                                    • Opcode Fuzzy Hash: 3e6702e2ff79f49c07d5669833f236e8d08fc6dbcdd7f9eb13faad8ddb46466a
                                                                                                                    • Instruction Fuzzy Hash: 36127E75A00225EFDB14DF94D884EAEBBB5FF55318F288098F905AB251C771ED42CBA0
                                                                                                                    APIs
                                                                                                                    • GetMenuItemCount.USER32(00D71990), ref: 00CE2F8D
                                                                                                                    • GetMenuItemCount.USER32(00D71990), ref: 00CE303D
                                                                                                                    • GetCursorPos.USER32(?), ref: 00CE3081
                                                                                                                    • SetForegroundWindow.USER32(00000000), ref: 00CE308A
                                                                                                                    • TrackPopupMenuEx.USER32(00D71990,00000000,?,00000000,00000000,00000000), ref: 00CE309D
                                                                                                                    • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00CE30A9
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 36266755-4108050209
                                                                                                                    • Opcode ID: a9887a70c89b5bc31d4a4b7f6847cbc4c82d692ce8a8078fdb648afb3ee71851
                                                                                                                    • Instruction ID: ccda7e0bb27ee6fa82106a336eda3367176bb6b20cf6ac65833d6e76b09c4b76
                                                                                                                    • Opcode Fuzzy Hash: a9887a70c89b5bc31d4a4b7f6847cbc4c82d692ce8a8078fdb648afb3ee71851
                                                                                                                    • Instruction Fuzzy Hash: DF713A31644296BEFB218F66CC49F9ABF68FF01324F244206F524AA1E1C7B1AE50D760
                                                                                                                    APIs
                                                                                                                    • DestroyWindow.USER32(00000000,?), ref: 00D36DEB
                                                                                                                      • Part of subcall function 00CA6B57: _wcslen.LIBCMT ref: 00CA6B6A
                                                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00D36E5F
                                                                                                                    • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00D36E81
                                                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00D36E94
                                                                                                                    • DestroyWindow.USER32(?), ref: 00D36EB5
                                                                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00CA0000,00000000), ref: 00D36EE4
                                                                                                                    • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00D36EFD
                                                                                                                    • GetDesktopWindow.USER32 ref: 00D36F16
                                                                                                                    • GetWindowRect.USER32(00000000), ref: 00D36F1D
                                                                                                                    • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00D36F35
                                                                                                                    • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00D36F4D
                                                                                                                      • Part of subcall function 00CB9944: GetWindowLongW.USER32(?,000000EB), ref: 00CB9952
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
                                                                                                                    • String ID: 0$tooltips_class32
                                                                                                                    • API String ID: 2429346358-3619404913
                                                                                                                    • Opcode ID: d7e3c8fea6d08ccf949d11254cbf30784a779aaeec1b4f93ba81b416fdb80cf0
                                                                                                                    • Instruction ID: e71a162091a229cd13980a223d2928935d4862fbe79a8c609cd2315231552225
                                                                                                                    • Opcode Fuzzy Hash: d7e3c8fea6d08ccf949d11254cbf30784a779aaeec1b4f93ba81b416fdb80cf0
                                                                                                                    • Instruction Fuzzy Hash: 6D716574104345AFDB21CF18D844BAABBE9FF89304F08891DFA99D7261D770E94ADB21
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2
                                                                                                                    • DragQueryPoint.SHELL32(?,?), ref: 00D39147
                                                                                                                      • Part of subcall function 00D37674: ClientToScreen.USER32(?,?), ref: 00D3769A
                                                                                                                      • Part of subcall function 00D37674: GetWindowRect.USER32(?,?), ref: 00D37710
                                                                                                                      • Part of subcall function 00D37674: PtInRect.USER32(?,?,00D38B89), ref: 00D37720
                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00D391B0
                                                                                                                    • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 00D391BB
                                                                                                                    • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00D391DE
                                                                                                                    • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00D39225
                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00D3923E
                                                                                                                    • SendMessageW.USER32(?,000000B1,?,?), ref: 00D39255
                                                                                                                    • SendMessageW.USER32(?,000000B1,?,?), ref: 00D39277
                                                                                                                    • DragFinish.SHELL32(?), ref: 00D3927E
                                                                                                                    • DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00D39371
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
                                                                                                                    • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                    • API String ID: 221274066-3440237614
                                                                                                                    • Opcode ID: 987726f81198f57360e71801a9a66a40c0b7c36e4ee8f213424536cfef130045
                                                                                                                    • Instruction ID: 1671d3ddfaeb6571626d8f4720e3d99339745db1ef9c7ea9f290c2e820b46cee
                                                                                                                    • Opcode Fuzzy Hash: 987726f81198f57360e71801a9a66a40c0b7c36e4ee8f213424536cfef130045
                                                                                                                    • Instruction Fuzzy Hash: 7B617C71108301AFC701EF64DC85DAFBBE8EF89754F400A1EF595932A1DB70AA49CB62
                                                                                                                    APIs
                                                                                                                    • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00D1C4B0
                                                                                                                    • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00D1C4C3
                                                                                                                    • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00D1C4D7
                                                                                                                    • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00D1C4F0
                                                                                                                    • InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 00D1C533
                                                                                                                    • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00D1C549
                                                                                                                    • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00D1C554
                                                                                                                    • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00D1C584
                                                                                                                    • GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 00D1C5DC
                                                                                                                    • SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 00D1C5F0
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00D1C5FB
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3800310941-3916222277
                                                                                                                    • Opcode ID: f332af82a9db512e2624588e08802540656052b813ed23972a9b727a85748470
                                                                                                                    • Instruction ID: 940f1c7540467d7382e2b742b9556be814cf3a737c09e071be3feb3d51922dd9
                                                                                                                    • Opcode Fuzzy Hash: f332af82a9db512e2624588e08802540656052b813ed23972a9b727a85748470
                                                                                                                    • Instruction Fuzzy Hash: 5C5139B1550308BFEB218FA4D988ABB7BBDFF08754F046419F945E6210EB34E9849B70
                                                                                                                    APIs
                                                                                                                    • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00D38592
                                                                                                                    • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00D385A2
                                                                                                                    • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00D385AD
                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00D385BA
                                                                                                                    • GlobalLock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00D385C8
                                                                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00D385D7
                                                                                                                    • GlobalUnlock.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00D385E0
                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00D385E7
                                                                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 00D385F8
                                                                                                                    • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,00D3FC38,?), ref: 00D38611
                                                                                                                    • GlobalFree.KERNEL32(00000000), ref: 00D38621
                                                                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 00D38641
                                                                                                                    • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00D38671
                                                                                                                    • DeleteObject.GDI32(?), ref: 00D38699
                                                                                                                    • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 00D386AF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3840717409-0
                                                                                                                    • Opcode ID: e22736b21b7cae7145e53d9fc6b045884679b13684a7196a95b179e2355ffed9
                                                                                                                    • Instruction ID: a40dd1d74b4fc8dcde1023d1679a79d38bcd8b580ce9f08c8cef4d0c0425b42a
                                                                                                                    • Opcode Fuzzy Hash: e22736b21b7cae7145e53d9fc6b045884679b13684a7196a95b179e2355ffed9
                                                                                                                    • Instruction Fuzzy Hash: 2E41F875610308AFDB119FA5DC89EAB7BB8FF89B11F148058F906E7260DB709901DB70
                                                                                                                    APIs
                                                                                                                    • VariantInit.OLEAUT32(00000000), ref: 00D11502
                                                                                                                    • VariantCopy.OLEAUT32(?,?), ref: 00D1150B
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00D11517
                                                                                                                    • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 00D115FB
                                                                                                                    • VarR8FromDec.OLEAUT32(?,?), ref: 00D11657
                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00D11708
                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00D1178C
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00D117D8
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00D117E7
                                                                                                                    • VariantInit.OLEAUT32(00000000), ref: 00D11823
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
                                                                                                                    • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                    • API String ID: 1234038744-3931177956
                                                                                                                    • Opcode ID: f583c4b9865f7c0cad239c75e416d08fac6599e8f0ff787c60b950f5adedb72b
                                                                                                                    • Instruction ID: c3dadcc3d7f2e9ccd4c87ba5f62a7f5dc0124d6375d8be9d0007eab191f180c7
                                                                                                                    • Opcode Fuzzy Hash: f583c4b9865f7c0cad239c75e416d08fac6599e8f0ff787c60b950f5adedb72b
                                                                                                                    • Instruction Fuzzy Hash: 37D11235600615EBEB109F64E885BFDB7B6BF45700F148459E686AB280DF30EC85EB72
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                      • Part of subcall function 00D2C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00D2B6AE,?,?), ref: 00D2C9B5
                                                                                                                      • Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2C9F1
                                                                                                                      • Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2CA68
                                                                                                                      • Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2CA9E
                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00D2B6F4
                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00D2B772
                                                                                                                    • RegDeleteValueW.ADVAPI32(?,?), ref: 00D2B80A
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00D2B87E
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00D2B89C
                                                                                                                    • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00D2B8F2
                                                                                                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00D2B904
                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00D2B922
                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00D2B983
                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00D2B994
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
                                                                                                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                    • API String ID: 146587525-4033151799
                                                                                                                    • Opcode ID: adc0d4f720eff25224b1d9e66aaaa5b89edc0676dc9a54db80641ffdfc48ec0e
                                                                                                                    • Instruction ID: bc22ff7871be43ad9630e35b017401a877c4d83c9fd33a2339c6c1d8819a4725
                                                                                                                    • Opcode Fuzzy Hash: adc0d4f720eff25224b1d9e66aaaa5b89edc0676dc9a54db80641ffdfc48ec0e
                                                                                                                    • Instruction Fuzzy Hash: 53C1AC30208212AFD714DF24D495F2ABBE1FF95318F18845DE49A8B2A2CB71EC45DBA1
                                                                                                                    APIs
                                                                                                                    • GetDC.USER32(00000000), ref: 00D225D8
                                                                                                                    • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00D225E8
                                                                                                                    • CreateCompatibleDC.GDI32(?), ref: 00D225F4
                                                                                                                    • SelectObject.GDI32(00000000,?), ref: 00D22601
                                                                                                                    • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 00D2266D
                                                                                                                    • GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 00D226AC
                                                                                                                    • GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 00D226D0
                                                                                                                    • SelectObject.GDI32(?,?), ref: 00D226D8
                                                                                                                    • DeleteObject.GDI32(?), ref: 00D226E1
                                                                                                                    • DeleteDC.GDI32(?), ref: 00D226E8
                                                                                                                    • ReleaseDC.USER32(00000000,?), ref: 00D226F3
                                                                                                                    Similarity
                                                                                                                    • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                    • String ID: (
                                                                                                                    • API String ID: 2598888154-3887548279
                                                                                                                    • Opcode ID: 2af15bd6f145957b21369ce230e95b140091fc1171b8d7fe222b17390a66c52a
                                                                                                                    • Instruction ID: 1ba8000686d7f4ff778d514136c2c28d88c18fd0f8a39526703281d3503894a6
                                                                                                                    • Opcode Fuzzy Hash: 2af15bd6f145957b21369ce230e95b140091fc1171b8d7fe222b17390a66c52a
                                                                                                                    • Instruction Fuzzy Hash: E261F176D00219EFCF14CFA8D884AAEBBB6FF48310F208529E955A7350D770A941DFA0
                                                                                                                    APIs
                                                                                                                    • ___free_lconv_mon.LIBCMT ref: 00CDDAA1
                                                                                                                      • Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD659
                                                                                                                      • Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD66B
                                                                                                                      • Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD67D
                                                                                                                      • Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD68F
                                                                                                                      • Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD6A1
                                                                                                                      • Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD6B3
                                                                                                                      • Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD6C5
                                                                                                                      • Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD6D7
                                                                                                                      • Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD6E9
                                                                                                                      • Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD6FB
                                                                                                                      • Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD70D
                                                                                                                      • Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD71F
                                                                                                                      • Part of subcall function 00CDD63C: _free.LIBCMT ref: 00CDD731
                                                                                                                    • _free.LIBCMT ref: 00CDDA96
                                                                                                                      • Part of subcall function 00CD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000), ref: 00CD29DE
                                                                                                                      • Part of subcall function 00CD29C8: GetLastError.KERNEL32(00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000,00000000), ref: 00CD29F0
                                                                                                                    • _free.LIBCMT ref: 00CDDAB8
                                                                                                                    • _free.LIBCMT ref: 00CDDACD
                                                                                                                    • _free.LIBCMT ref: 00CDDAD8
                                                                                                                    • _free.LIBCMT ref: 00CDDAFA
                                                                                                                    • _free.LIBCMT ref: 00CDDB0D
                                                                                                                    • _free.LIBCMT ref: 00CDDB1B
                                                                                                                    • _free.LIBCMT ref: 00CDDB26
                                                                                                                    • _free.LIBCMT ref: 00CDDB5E
                                                                                                                    • _free.LIBCMT ref: 00CDDB65
                                                                                                                    • _free.LIBCMT ref: 00CDDB82
                                                                                                                    • _free.LIBCMT ref: 00CDDB9A
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 161543041-0
                                                                                                                    • Opcode ID: dd6731532c12c81b4af2ce8022cba73fbedebb5e0d48e8a0eef06c1ab5ca8373
                                                                                                                    • Instruction ID: 3391ffcc548399693e0afd159a4d7ee267c3f8b4340c564c4755e94fb6436180
                                                                                                                    • Opcode Fuzzy Hash: dd6731532c12c81b4af2ce8022cba73fbedebb5e0d48e8a0eef06c1ab5ca8373
                                                                                                                    • Instruction Fuzzy Hash: D6314D31A04705AFEB21AA39E845B56B7E9FF10314F15441BF66AD7391DF31ED80A720
                                                                                                                    APIs
                                                                                                                    • GetClassNameW.USER32(?,?,00000100), ref: 00D0369C
                                                                                                                    • _wcslen.LIBCMT ref: 00D036A7
                                                                                                                    • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00D03797
                                                                                                                    • GetClassNameW.USER32(?,?,00000400), ref: 00D0380C
                                                                                                                    • GetDlgCtrlID.USER32(?), ref: 00D0385D
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00D03882
                                                                                                                    • GetParent.USER32(?), ref: 00D038A0
                                                                                                                    • ScreenToClient.USER32(00000000), ref: 00D038A7
                                                                                                                    • GetClassNameW.USER32(?,?,00000100), ref: 00D03921
                                                                                                                    • GetWindowTextW.USER32(?,?,00000400), ref: 00D0395D
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
                                                                                                                    • String ID: %s%u
                                                                                                                    APIs
                                                                                                                    • GetClassNameW.USER32(?,?,00000400), ref: 00D04994
                                                                                                                    • GetWindowTextW.USER32(?,?,00000400), ref: 00D049DA
                                                                                                                    • _wcslen.LIBCMT ref: 00D049EB
                                                                                                                    • CharUpperBuffW.USER32(?,00000000), ref: 00D049F7
                                                                                                                    • _wcsstr.LIBVCRUNTIME ref: 00D04A2C
                                                                                                                    • GetClassNameW.USER32(00000018,?,00000400), ref: 00D04A64
                                                                                                                    • GetWindowTextW.USER32(?,?,00000400), ref: 00D04A9D
                                                                                                                    • GetClassNameW.USER32(00000018,?,00000400), ref: 00D04AE6
                                                                                                                    • GetClassNameW.USER32(?,?,00000400), ref: 00D04B20
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00D04B8B
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                    • String ID: ThumbnailClass
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2
                                                                                                                    • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00D38D5A
                                                                                                                    • GetFocus.USER32 ref: 00D38D6A
                                                                                                                    • GetDlgCtrlID.USER32(00000000), ref: 00D38D75
                                                                                                                    • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00D38E1D
                                                                                                                    • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00D38ECF
                                                                                                                    • GetMenuItemCount.USER32(?), ref: 00D38EEC
                                                                                                                    • GetMenuItemID.USER32(?,00000000), ref: 00D38EFC
                                                                                                                    • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00D38F2E
                                                                                                                    • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00D38F70
                                                                                                                    • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00D38FA1
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                    • String ID: 0
                                                                                                                    APIs
                                                                                                                    • GetMenuItemInfoW.USER32(00D71990,000000FF,00000000,00000030), ref: 00D0BFAC
                                                                                                                    • SetMenuItemInfoW.USER32(00D71990,00000004,00000000,00000030), ref: 00D0BFE1
                                                                                                                    • Sleep.KERNEL32(000001F4), ref: 00D0BFF3
                                                                                                                    • GetMenuItemCount.USER32(?), ref: 00D0C039
                                                                                                                    • GetMenuItemID.USER32(?,00000000), ref: 00D0C056
                                                                                                                    • GetMenuItemID.USER32(?,-00000001), ref: 00D0C082
                                                                                                                    • GetMenuItemID.USER32(?,?), ref: 00D0C0C9
                                                                                                                    • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00D0C10F
                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D0C124
                                                                                                                    • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D0C145
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemMenu$Info$CheckCountRadioSleep
                                                                                                                    • String ID: 0
                                                                                                                    APIs
                                                                                                                    • GetFileVersionInfoSizeW.VERSION(?,?), ref: 00D0DC20
                                                                                                                    • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 00D0DC46
                                                                                                                    • _wcslen.LIBCMT ref: 00D0DC50
                                                                                                                    • _wcsstr.LIBVCRUNTIME ref: 00D0DCA0
                                                                                                                    • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 00D0DCBC
                                                                                                                    Similarity
                                                                                                                    • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                    • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                    APIs
                                                                                                                    • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00D2CC64
                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 00D2CC8D
                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00D2CD48
                                                                                                                      • Part of subcall function 00D2CC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 00D2CCAA
                                                                                                                      • Part of subcall function 00D2CC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 00D2CCBD
                                                                                                                      • Part of subcall function 00D2CC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00D2CCCF
                                                                                                                      • Part of subcall function 00D2CC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 00D2CD05
                                                                                                                      • Part of subcall function 00D2CC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 00D2CD28
                                                                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00D2CCF3
                                                                                                                    Similarity
                                                                                                                    • API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
                                                                                                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                    APIs
                                                                                                                    • GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00D13D40
                                                                                                                    • _wcslen.LIBCMT ref: 00D13D6D
                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00D13D9D
                                                                                                                    • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 00D13DBE
                                                                                                                    • RemoveDirectoryW.KERNEL32(?), ref: 00D13DCE
                                                                                                                    • DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 00D13E55
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00D13E60
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00D13E6B
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
                                                                                                                    • String ID: :$\$\??\%s
                                                                                                                    APIs
                                                                                                                    • timeGetTime.WINMM ref: 00D0E6B4
                                                                                                                      • Part of subcall function 00CBE551: timeGetTime.WINMM(?,?,00D0E6D4), ref: 00CBE555
                                                                                                                    • Sleep.KERNEL32(0000000A), ref: 00D0E6E1
                                                                                                                    • EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 00D0E705
                                                                                                                    • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00D0E727
                                                                                                                    • SetActiveWindow.USER32 ref: 00D0E746
                                                                                                                    • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00D0E754
                                                                                                                    • SendMessageW.USER32(00000010,00000000,00000000), ref: 00D0E773
                                                                                                                    • Sleep.KERNEL32(000000FA), ref: 00D0E77E
                                                                                                                    • IsWindow.USER32 ref: 00D0E78A
                                                                                                                    • EndDialog.USER32(00000000), ref: 00D0E79B
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                    • String ID: BUTTON
                                                                                                                    • API String ID: 1194449130-3405671355
                                                                                                                    • Opcode ID: 89a976dc9143a353d544e9edab0e40fc9ba0c9185e250aae8f42de09b9c78290
                                                                                                                    • Instruction ID: 76ebee6333d3adeb6773868d8cdb5ad804ce65cba2feb4f9268f56cabad086fd
                                                                                                                    • Opcode Fuzzy Hash: 89a976dc9143a353d544e9edab0e40fc9ba0c9185e250aae8f42de09b9c78290
                                                                                                                    • Instruction Fuzzy Hash: 55216FB0210344AFEB006F65EC8AB393B69E794749F541825F50ED13F1EB71AC409B34
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                    • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00D0EA5D
                                                                                                                    • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00D0EA73
                                                                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00D0EA84
                                                                                                                    • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00D0EA96
                                                                                                                    • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 00D0EAA7
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: SendString$_wcslen
                                                                                                                    • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                    • API String ID: 2420728520-1007645807
                                                                                                                    • Opcode ID: 3f9004cfbc3849e044611dabaa9878cd4e59c19cc1c77d52b8d4803a1139771d
                                                                                                                    • Instruction ID: d90bb80301aa0cb6218e8d344da907bbd82c2dbe02d09a77e4a81e100cda80c4
                                                                                                                    • Opcode Fuzzy Hash: 3f9004cfbc3849e044611dabaa9878cd4e59c19cc1c77d52b8d4803a1139771d
                                                                                                                    • Instruction Fuzzy Hash: 26117731B902597ED710A762DC4AEFF6B7CEBD6B44F04082AB805A20D1EFB04D09C9B0
                                                                                                                    APIs
                                                                                                                    • GetKeyboardState.USER32(?), ref: 00D0A012
                                                                                                                    • SetKeyboardState.USER32(?), ref: 00D0A07D
                                                                                                                    • GetAsyncKeyState.USER32(000000A0), ref: 00D0A09D
                                                                                                                    • GetKeyState.USER32(000000A0), ref: 00D0A0B4
                                                                                                                    • GetAsyncKeyState.USER32(000000A1), ref: 00D0A0E3
                                                                                                                    • GetKeyState.USER32(000000A1), ref: 00D0A0F4
                                                                                                                    • GetAsyncKeyState.USER32(00000011), ref: 00D0A120
                                                                                                                    • GetKeyState.USER32(00000011), ref: 00D0A12E
                                                                                                                    • GetAsyncKeyState.USER32(00000012), ref: 00D0A157
                                                                                                                    • GetKeyState.USER32(00000012), ref: 00D0A165
                                                                                                                    • GetAsyncKeyState.USER32(0000005B), ref: 00D0A18E
                                                                                                                    • GetKeyState.USER32(0000005B), ref: 00D0A19C
                                                                                                                    Similarity
                                                                                                                    • API ID: State$Async$Keyboard
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 541375521-0
                                                                                                                    • Opcode ID: b35aa5caec591aaada5a7f5adba381fb7f227aed0a56d8625fcdb2d111c71507
                                                                                                                    • Instruction ID: e67505888f4b62f70ac074c275d9d04160a388c534fd7652c4081c8201b65f65
                                                                                                                    • Opcode Fuzzy Hash: b35aa5caec591aaada5a7f5adba381fb7f227aed0a56d8625fcdb2d111c71507
                                                                                                                    • Instruction Fuzzy Hash: 0851A53090478829FB35DB7489117EABFB59F12380F0C859AD5CA5B1C3DA94AA4CC773
                                                                                                                    APIs
                                                                                                                    • GetDlgItem.USER32(?,00000001), ref: 00D05CE2
                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00D05CFB
                                                                                                                    • MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 00D05D59
                                                                                                                    • GetDlgItem.USER32(?,00000002), ref: 00D05D69
                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00D05D7B
                                                                                                                    • MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 00D05DCF
                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 00D05DDD
                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00D05DEF
                                                                                                                    • MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 00D05E31
                                                                                                                    • GetDlgItem.USER32(?,000003EA), ref: 00D05E44
                                                                                                                    • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 00D05E5A
                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00D05E67
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3096461208-0
                                                                                                                    • Opcode ID: f4eec89ef350484919bc692bfa2318abd57f694373f902c7233c6caf09b34371
                                                                                                                    • Instruction ID: 465d87c4009b582628dec39f5b57ad86c8075314dca66a6c3334c62878ef157d
                                                                                                                    • Opcode Fuzzy Hash: f4eec89ef350484919bc692bfa2318abd57f694373f902c7233c6caf09b34371
                                                                                                                    • Instruction Fuzzy Hash: FA51FCB1A10715AFDB18CF68DD89BAEBBB5EB48300F149129F919E7294D7709E04CF60
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CB8F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00CB8BE8,?,00000000,?,?,?,?,00CB8BBA,00000000,?), ref: 00CB8FC5
                                                                                                                    • DestroyWindow.USER32(?), ref: 00CB8C81
                                                                                                                    • KillTimer.USER32(00000000,?,?,?,?,00CB8BBA,00000000,?), ref: 00CB8D1B
                                                                                                                    • DestroyAcceleratorTable.USER32(00000000), ref: 00CF6973
                                                                                                                    • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00CB8BBA,00000000,?), ref: 00CF69A1
                                                                                                                    • ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00CB8BBA,00000000,?), ref: 00CF69B8
                                                                                                                    • ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00CB8BBA,00000000), ref: 00CF69D4
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00CF69E6
                                                                                                                    Similarity
                                                                                                                    • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 641708696-0
                                                                                                                    • Opcode ID: 22ee5d5c48cc25624b71506e595532fc47157bf5d994e3a1c59ff2caca0c14e3
                                                                                                                    • Instruction ID: 761f0040b377e08809a2fcdf57fc1c61f057cfac240b726fc6e3e58734c14270
                                                                                                                    • Opcode Fuzzy Hash: 22ee5d5c48cc25624b71506e595532fc47157bf5d994e3a1c59ff2caca0c14e3
                                                                                                                    • Instruction Fuzzy Hash: 1861DC75102705DFCB258F28C948BB57BF5FB04312F144618E2669B6A0CB71AEC5EFA1
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CB9944: GetWindowLongW.USER32(?,000000EB), ref: 00CB9952
                                                                                                                    • GetSysColor.USER32(0000000F), ref: 00CB9862
                                                                                                                    Similarity
                                                                                                                    • API ID: ColorLongWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 259745315-0
                                                                                                                    • Opcode ID: 687f79a1a4f7c9e6973fed6b7daa3ed6e5a958516e8f0735b7344efa278f91e4
                                                                                                                    • Instruction ID: 0e47c3c06878a4c824c67f028d5299e40de8cda3955cbb255db9264bc831aaff
                                                                                                                    • Opcode Fuzzy Hash: 687f79a1a4f7c9e6973fed6b7daa3ed6e5a958516e8f0735b7344efa278f91e4
                                                                                                                    • Instruction Fuzzy Hash: F0417B31504744AFDB215B389C88BB93BA5EB06320F145619EAB69B2E1D7329942EB21
                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,00CEF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 00D09717
                                                                                                                    • LoadStringW.USER32(00000000,?,00CEF7F8,00000001), ref: 00D09720
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,00CEF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 00D09742
                                                                                                                    • LoadStringW.USER32(00000000,?,00CEF7F8,00000001), ref: 00D09745
                                                                                                                    • MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 00D09866
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: HandleLoadModuleString$Message_wcslen
                                                                                                                    • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA6B57: _wcslen.LIBCMT ref: 00CA6B6A
                                                                                                                    • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00D007A2
                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 00D007BE
                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 00D007DA
                                                                                                                    • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00D00804
                                                                                                                    • CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 00D0082C
                                                                                                                    • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00D00837
                                                                                                                    • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00D0083C
                                                                                                                    Similarity
                                                                                                                    • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
                                                                                                                    • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                    APIs
                                                                                                                    • MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 00D3403B
                                                                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00D34042
                                                                                                                    • SendMessageW.USER32(?,00000173,00000000,00000000), ref: 00D34055
                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00D3405D
                                                                                                                    • GetPixel.GDI32(00000000,00000000,00000000), ref: 00D34068
                                                                                                                    • DeleteDC.GDI32(00000000), ref: 00D34072
                                                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 00D3407C
                                                                                                                    • SetLayeredWindowAttributes.USER32(?,?,00000000,00000001,?,00000000,?), ref: 00D34092
                                                                                                                    • DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?), ref: 00D3409E
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
                                                                                                                    • String ID: static
                                                                                                                    APIs
                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00D23C5C
                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00D23C8A
                                                                                                                    • CoUninitialize.OLE32 ref: 00D23C94
                                                                                                                    • _wcslen.LIBCMT ref: 00D23D2D
                                                                                                                    • GetRunningObjectTable.OLE32(00000000,?), ref: 00D23DB1
                                                                                                                    • SetErrorMode.KERNEL32(00000001,00000029), ref: 00D23ED5
                                                                                                                    • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 00D23F0E
                                                                                                                    • CoGetObject.OLE32(?,00000000,00D3FB98,?), ref: 00D23F2D
                                                                                                                    • SetErrorMode.KERNEL32(00000000), ref: 00D23F40
                                                                                                                    • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00D23FC4
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00D23FD8
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                    APIs
                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00D17AF3
                                                                                                                    • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 00D17B8F
                                                                                                                    • SHGetDesktopFolder.SHELL32(?), ref: 00D17BA3
                                                                                                                    • CoCreateInstance.OLE32(00D3FD08,00000000,00000001,00D66E6C,?), ref: 00D17BEF
                                                                                                                    • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 00D17C74
                                                                                                                    • CoTaskMemFree.OLE32(?,?), ref: 00D17CCC
                                                                                                                    • SHBrowseForFolderW.SHELL32(?), ref: 00D17D57
                                                                                                                    • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 00D17D7A
                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00D17D81
                                                                                                                    • CoTaskMemFree.OLE32(00000000), ref: 00D17DD6
                                                                                                                    • CoUninitialize.OLE32 ref: 00D17DDC
                                                                                                                    Similarity
                                                                                                                    • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00D35504
                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00D35515
                                                                                                                    • CharNextW.USER32(00000158), ref: 00D35544
                                                                                                                    • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00D35585
                                                                                                                    • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 00D3559B
                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00D355AC
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$CharNext
                                                                                                                    APIs
                                                                                                                    • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00CFFAAF
                                                                                                                    • SafeArrayAllocData.OLEAUT32(?), ref: 00CFFB08
                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00CFFB1A
                                                                                                                    • SafeArrayAccessData.OLEAUT32(?,?), ref: 00CFFB3A
                                                                                                                    • VariantCopy.OLEAUT32(?,?), ref: 00CFFB8D
                                                                                                                    • SafeArrayUnaccessData.OLEAUT32(?), ref: 00CFFBA1
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00CFFBB6
                                                                                                                    • SafeArrayDestroyData.OLEAUT32(?), ref: 00CFFBC3
                                                                                                                    • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00CFFBCC
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00CFFBDE
                                                                                                                    • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00CFFBE9
                                                                                                                    Similarity
                                                                                                                    • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                    • String ID:
                                                                                                                    APIs
                                                                                                                    • GetKeyboardState.USER32(?), ref: 00D09CA1
                                                                                                                    • GetAsyncKeyState.USER32(000000A0), ref: 00D09D22
                                                                                                                    • GetKeyState.USER32(000000A0), ref: 00D09D3D
                                                                                                                    • GetAsyncKeyState.USER32(000000A1), ref: 00D09D57
                                                                                                                    • GetKeyState.USER32(000000A1), ref: 00D09D6C
                                                                                                                    • GetAsyncKeyState.USER32(00000011), ref: 00D09D84
                                                                                                                    • GetKeyState.USER32(00000011), ref: 00D09D96
                                                                                                                    • GetAsyncKeyState.USER32(00000012), ref: 00D09DAE
                                                                                                                    • GetKeyState.USER32(00000012), ref: 00D09DC0
                                                                                                                    • GetAsyncKeyState.USER32(0000005B), ref: 00D09DD8
                                                                                                                    • GetKeyState.USER32(0000005B), ref: 00D09DEA
                                                                                                                    Similarity
                                                                                                                    • API ID: State$Async$Keyboard
                                                                                                                    • String ID:
                                                                                                                    APIs
                                                                                                                    • WSAStartup.WSOCK32(00000101,?), ref: 00D205BC
                                                                                                                    • inet_addr.WSOCK32(?), ref: 00D2061C
                                                                                                                    • gethostbyname.WSOCK32(?), ref: 00D20628
                                                                                                                    • IcmpCreateFile.IPHLPAPI ref: 00D20636
                                                                                                                    • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00D206C6
                                                                                                                    • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00D206E5
                                                                                                                    • IcmpCloseHandle.IPHLPAPI(?), ref: 00D207B9
                                                                                                                    • WSACleanup.WSOCK32 ref: 00D207BF
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                    • String ID: Ping
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$BuffCharLower
                                                                                                                    • String ID: cdecl$none$stdcall$winapi
                                                                                                                    APIs
                                                                                                                    • CoInitialize.OLE32 ref: 00D23774
                                                                                                                    • CoUninitialize.OLE32 ref: 00D2377F
                                                                                                                    • CoCreateInstance.OLE32(?,00000000,00000017,00D3FB78,?), ref: 00D237D9
                                                                                                                    • IIDFromString.OLE32(?,?), ref: 00D2384C
                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00D238E4
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00D23936
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                    • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                    APIs
                                                                                                                    • LoadStringW.USER32(00000066,?,00000FFF,?), ref: 00D133CF
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                    • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00D133F0
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: LoadString$_wcslen
                                                                                                                    • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$BuffCharUpper
                                                                                                                    • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                    APIs
                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 00D153A0
                                                                                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 00D15416
                                                                                                                    • GetLastError.KERNEL32 ref: 00D15420
                                                                                                                    • SetErrorMode.KERNEL32(00000000,READY), ref: 00D154A7
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                    • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                    APIs
                                                                                                                    • CreateMenu.USER32 ref: 00D33C79
                                                                                                                    • SetMenu.USER32(?,00000000), ref: 00D33C88
                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D33D10
                                                                                                                    • IsMenu.USER32(?), ref: 00D33D24
                                                                                                                    • CreatePopupMenu.USER32 ref: 00D33D2E
                                                                                                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00D33D5B
                                                                                                                    • DrawMenuBar.USER32 ref: 00D33D63
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                    • String ID: 0$F
                                                                                                                    • API String ID: 161812096-3044882817
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                      • Part of subcall function 00D03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D03CCA
                                                                                                                    • SendMessageW.USER32(?,0000018C,000000FF,00020000), ref: 00D01F64
                                                                                                                    • GetDlgCtrlID.USER32 ref: 00D01F6F
                                                                                                                    • GetParent.USER32 ref: 00D01F8B
                                                                                                                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 00D01F8E
                                                                                                                    • GetDlgCtrlID.USER32(?), ref: 00D01F97
                                                                                                                    • GetParent.USER32(?), ref: 00D01FAB
                                                                                                                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 00D01FAE
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 711023334-1403004172
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                      • Part of subcall function 00D03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D03CCA
                                                                                                                    • SendMessageW.USER32(?,00000186,00020000,00000000), ref: 00D02043
                                                                                                                    • GetDlgCtrlID.USER32 ref: 00D0204E
                                                                                                                    • GetParent.USER32 ref: 00D0206A
                                                                                                                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 00D0206D
                                                                                                                    • GetDlgCtrlID.USER32(?), ref: 00D02076
                                                                                                                    • GetParent.USER32(?), ref: 00D0208A
                                                                                                                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 00D0208D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$CtrlParent$ClassName_wcslen
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 711023334-1403004172
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00D33A9D
                                                                                                                    • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00D33AA0
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00D33AC7
                                                                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00D33AEA
                                                                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00D33B62
                                                                                                                    • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00D33BAC
                                                                                                                    • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00D33BC7
                                                                                                                    • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00D33BE2
                                                                                                                    • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00D33BF6
                                                                                                                    • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00D33C13
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$LongWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 312131281-0
                                                                                                                    APIs
                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00D0B151
                                                                                                                    • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00D0A1E1,?,00000001), ref: 00D0B165
                                                                                                                    • GetWindowThreadProcessId.USER32(00000000), ref: 00D0B16C
                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00D0A1E1,?,00000001), ref: 00D0B17B
                                                                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 00D0B18D
                                                                                                                    • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,00D0A1E1,?,00000001), ref: 00D0B1A6
                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00D0A1E1,?,00000001), ref: 00D0B1B8
                                                                                                                    • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00D0A1E1,?,00000001), ref: 00D0B1FD
                                                                                                                    • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,00D0A1E1,?,00000001), ref: 00D0B212
                                                                                                                    • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,00D0A1E1,?,00000001), ref: 00D0B21D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2156557900-0
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 00CD2C94
                                                                                                                      • Part of subcall function 00CD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000), ref: 00CD29DE
                                                                                                                      • Part of subcall function 00CD29C8: GetLastError.KERNEL32(00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000,00000000), ref: 00CD29F0
                                                                                                                    • _free.LIBCMT ref: 00CD2CA0
                                                                                                                    • _free.LIBCMT ref: 00CD2CAB
                                                                                                                    • _free.LIBCMT ref: 00CD2CB6
                                                                                                                    • _free.LIBCMT ref: 00CD2CC1
                                                                                                                    • _free.LIBCMT ref: 00CD2CCC
                                                                                                                    • _free.LIBCMT ref: 00CD2CD7
                                                                                                                    • _free.LIBCMT ref: 00CD2CE2
                                                                                                                    • _free.LIBCMT ref: 00CD2CED
                                                                                                                    • _free.LIBCMT ref: 00CD2CFB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 776569668-0
                                                                                                                    APIs
                                                                                                                    • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00D17FAD
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00D17FC1
                                                                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00D17FEB
                                                                                                                    • SetFileAttributesW.KERNEL32(?,00000000), ref: 00D18005
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00D18017
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00D18060
                                                                                                                    • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 00D180B0
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentDirectory$AttributesFile
                                                                                                                    • String ID: *.*
                                                                                                                    • API String ID: 769691225-438819550
                                                                                                                    • Opcode ID: d6d08b6c579c1bcbcbe32e7c3ebb753d7c55863e227f35d882b955631692d285
                                                                                                                    • Instruction ID: 5b7f266c389d58999a2c6bd03a61b488495f4e2d459844c721af198c1c5c1ca4
                                                                                                                    • Opcode Fuzzy Hash: d6d08b6c579c1bcbcbe32e7c3ebb753d7c55863e227f35d882b955631692d285
                                                                                                                    • Instruction Fuzzy Hash: A281A172508246ABCB20EF54D844AEAB3E8BF89314F18485EF885D7261DF34DD859B62
                                                                                                                    APIs
                                                                                                                    • SetWindowLongW.USER32(?,000000EB), ref: 00CA5C7A
                                                                                                                      • Part of subcall function 00CA5D0A: GetClientRect.USER32(?,?), ref: 00CA5D30
                                                                                                                      • Part of subcall function 00CA5D0A: GetWindowRect.USER32(?,?), ref: 00CA5D71
                                                                                                                      • Part of subcall function 00CA5D0A: ScreenToClient.USER32(?,?), ref: 00CA5D99
                                                                                                                    • GetDC.USER32 ref: 00CE46F5
                                                                                                                    • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 00CE4708
                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00CE4716
                                                                                                                    • SelectObject.GDI32(00000000,00000000), ref: 00CE472B
                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00CE4733
                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 00CE47C4
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                    • String ID: U
                                                                                                                    • API String ID: 4009187628-3372436214
                                                                                                                    • Opcode ID: a4f053b2ac8b27f2286fd5a47e13b09c2c060399c35c373d4a38fd7bbe0aa577
                                                                                                                    • Instruction ID: 06076ad739e324b03aa861ed1650f96a8999acaf462a2a59356371d4b29e1c11
                                                                                                                    • Opcode Fuzzy Hash: a4f053b2ac8b27f2286fd5a47e13b09c2c060399c35c373d4a38fd7bbe0aa577
                                                                                                                    • Instruction Fuzzy Hash: 50710634400345DFCF298F65C984ABA7BB5FF4A364F144269FD659A2AAC3308D41DFA0
                                                                                                                    APIs
                                                                                                                    • LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 00D135E4
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                    • LoadStringW.USER32(00D72390,?,00000FFF,?), ref: 00D1360A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LoadString$_wcslen
                                                                                                                    • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                    • API String ID: 4099089115-2391861430
                                                                                                                    • Opcode ID: 0f3978746aead89c8eeaeb91120eacc4206df03dec868b4ed7fd17d26add6255
                                                                                                                    • Instruction ID: aaa7347da913501f59e72958ca470936c50989a7917d128759c450cebab9dd5b
                                                                                                                    • Opcode Fuzzy Hash: 0f3978746aead89c8eeaeb91120eacc4206df03dec868b4ed7fd17d26add6255
                                                                                                                    • Instruction Fuzzy Hash: C7516C7190021ABBDF15EBA0DC52EEEBB38EF05344F144125F105721A2EB306A99EBB0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2
                                                                                                                      • Part of subcall function 00CB912D: GetCursorPos.USER32(?), ref: 00CB9141
                                                                                                                      • Part of subcall function 00CB912D: ScreenToClient.USER32(00000000,?), ref: 00CB915E
                                                                                                                      • Part of subcall function 00CB912D: GetAsyncKeyState.USER32(00000001), ref: 00CB9183
                                                                                                                      • Part of subcall function 00CB912D: GetAsyncKeyState.USER32(00000002), ref: 00CB919D
                                                                                                                    • ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00D38B6B
                                                                                                                    • ImageList_EndDrag.COMCTL32 ref: 00D38B71
                                                                                                                    • ReleaseCapture.USER32 ref: 00D38B77
                                                                                                                    • SetWindowTextW.USER32(?,00000000), ref: 00D38C12
                                                                                                                    • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00D38C25
                                                                                                                    • DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00D38CFF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
                                                                                                                    • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                    • API String ID: 1924731296-2107944366
                                                                                                                    • Opcode ID: 962e29cbe3b852a9e71b358a70b0ff4e3b4207596fe3cb27900c6fc8dde679a6
                                                                                                                    • Instruction ID: 7526c5561be6701ba8a1a797344fb37bc4aec0ad3c12979953aaa98792b1c508
                                                                                                                    • Opcode Fuzzy Hash: 962e29cbe3b852a9e71b358a70b0ff4e3b4207596fe3cb27900c6fc8dde679a6
                                                                                                                    • Instruction Fuzzy Hash: 38517875204304AFD704DF24CC96FAA77E4FB88714F040629FA96A72A1DB70A944DBB2
                                                                                                                    APIs
                                                                                                                    • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00D1C272
                                                                                                                    • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00D1C29A
                                                                                                                    • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 00D1C2CA
                                                                                                                    • GetLastError.KERNEL32 ref: 00D1C322
                                                                                                                    • SetEvent.KERNEL32(?), ref: 00D1C336
                                                                                                                    • InternetCloseHandle.WININET(00000000), ref: 00D1C341
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3113390036-3916222277
                                                                                                                    • Opcode ID: 8df770c33595cc4f712f749451066d71de6e84f7f4d7075466b7faa1fe612a41
                                                                                                                    • Instruction ID: 85b8de02a8be8b3d845b9fefcfe4caa5b8d69fd6b31e72912b173536b2ae2f66
                                                                                                                    • Opcode Fuzzy Hash: 8df770c33595cc4f712f749451066d71de6e84f7f4d7075466b7faa1fe612a41
                                                                                                                    • Instruction Fuzzy Hash: AB3191B1550304BFD7219F65AC88AAB7BFCEB49740B14A51DF496D2210DF30DD849B70
                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,00CE3AAF,?,?,Bad directive syntax error,00D3CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 00D098BC
                                                                                                                    • LoadStringW.USER32(00000000,?,00CE3AAF,?), ref: 00D098C3
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                    • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 00D09987
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                    • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                    • API String ID: 858772685-4153970271
                                                                                                                    • Opcode ID: 12fc25ad42cd554521660ec1a82d2a7c6c7ae477cafae59e814f7c774095ca03
                                                                                                                    • Instruction ID: 66a45f3c581181a7afc0bc65a7c60b66b1bdd88c4cfb4fc3cb1273781fd9093f
                                                                                                                    • Opcode Fuzzy Hash: 12fc25ad42cd554521660ec1a82d2a7c6c7ae477cafae59e814f7c774095ca03
                                                                                                                    • Instruction Fuzzy Hash: 5D219132D4421AAFCF11EF90CC16EEE7735FF19304F045419F519620A2EB71A618EB60
                                                                                                                    APIs
                                                                                                                    • GetParent.USER32 ref: 00D020AB
                                                                                                                    • GetClassNameW.USER32(00000000,?,00000100), ref: 00D020C0
                                                                                                                    • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00D0214D
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameParentSend
                                                                                                                    • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                    • API String ID: 1290815626-3381328864
                                                                                                                    • Opcode ID: 8cd644abc4e74c4ac351689e69171387f15ce6e3ca9b881555f15c5f822757a4
                                                                                                                    • Instruction ID: 148db872b8e915e3339cd509ec82c102d55e30c959672e2b0a069e9a09c954b0
                                                                                                                    • Opcode Fuzzy Hash: 8cd644abc4e74c4ac351689e69171387f15ce6e3ca9b881555f15c5f822757a4
                                                                                                                    • Instruction Fuzzy Hash: CB113676288306BAFA192224EC0BFB6739CCB05324F20001AFB4CA50E5EA61A8466635
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$EnvironmentVariable___from_strstr_to_strchr
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1282221369-0
                                                                                                                    APIs
                                                                                                                    • LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 00CF6890
                                                                                                                    • ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 00CF68A9
                                                                                                                    • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 00CF68B9
                                                                                                                    • ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 00CF68D1
                                                                                                                    • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 00CF68F2
                                                                                                                    • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00CB8874,00000000,00000000,00000000,000000FF,00000000), ref: 00CF6901
                                                                                                                    • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 00CF691E
                                                                                                                    • DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00CB8874,00000000,00000000,00000000,000000FF,00000000), ref: 00CF692D
                                                                                                                    Similarity
                                                                                                                    • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1268354404-0
                                                                                                                    APIs
                                                                                                                    • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00D1C182
                                                                                                                    • GetLastError.KERNEL32 ref: 00D1C195
                                                                                                                    • SetEvent.KERNEL32(?), ref: 00D1C1A9
                                                                                                                      • Part of subcall function 00D1C253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 00D1C272
                                                                                                                      • Part of subcall function 00D1C253: GetLastError.KERNEL32 ref: 00D1C322
                                                                                                                      • Part of subcall function 00D1C253: SetEvent.KERNEL32(?), ref: 00D1C336
                                                                                                                      • Part of subcall function 00D1C253: InternetCloseHandle.WININET(00000000), ref: 00D1C341
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 337547030-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00D03A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D03A57
                                                                                                                      • Part of subcall function 00D03A3D: GetCurrentThreadId.KERNEL32 ref: 00D03A5E
                                                                                                                      • Part of subcall function 00D03A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00D025B3), ref: 00D03A65
                                                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 00D025BD
                                                                                                                    • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 00D025DB
                                                                                                                    • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 00D025DF
                                                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 00D025E9
                                                                                                                    • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 00D02601
                                                                                                                    • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 00D02605
                                                                                                                    • MapVirtualKeyW.USER32(00000025,00000000), ref: 00D0260F
                                                                                                                    • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 00D02623
                                                                                                                    • Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 00D02627
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2014098862-0
                                                                                                                    APIs
                                                                                                                    • GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,00D01449,?,?,00000000), ref: 00D0180C
                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,00D01449,?,?,00000000), ref: 00D01813
                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00D01449,?,?,00000000), ref: 00D01828
                                                                                                                    • GetCurrentProcess.KERNEL32(?,00000000,?,00D01449,?,?,00000000), ref: 00D01830
                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,00D01449,?,?,00000000), ref: 00D01833
                                                                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,00D01449,?,?,00000000), ref: 00D01843
                                                                                                                    • GetCurrentProcess.KERNEL32(00D01449,00000000,?,00D01449,?,?,00000000), ref: 00D0184B
                                                                                                                    • DuplicateHandle.KERNEL32(00000000,?,00D01449,?,?,00000000), ref: 00D0184E
                                                                                                                    • CreateThread.KERNEL32(00000000,00000000,00D01874,00000000,00000000,00000000), ref: 00D01868
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1957940570-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00D0D4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 00D0D501
                                                                                                                      • Part of subcall function 00D0D4DC: Process32FirstW.KERNEL32(00000000,?), ref: 00D0D50F
                                                                                                                      • Part of subcall function 00D0D4DC: FindCloseChangeNotification.KERNEL32(00000000), ref: 00D0D5DC
                                                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00D2A16D
                                                                                                                    • GetLastError.KERNEL32 ref: 00D2A180
                                                                                                                    • OpenProcess.KERNEL32(00000001,00000000,?), ref: 00D2A1B3
                                                                                                                    • TerminateProcess.KERNEL32(00000000,00000000), ref: 00D2A268
                                                                                                                    • GetLastError.KERNEL32(00000000), ref: 00D2A273
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00D2A2C4
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CloseErrorLastOpen$ChangeCreateFindFirstHandleNotificationProcess32SnapshotTerminateToolhelp32
                                                                                                                    • String ID: SeDebugPrivilege
                                                                                                                    • API String ID: 1701285019-2896544425
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00D33925
                                                                                                                    • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 00D3393A
                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00D33954
                                                                                                                    • _wcslen.LIBCMT ref: 00D33999
                                                                                                                    • SendMessageW.USER32(?,00001057,00000000,?), ref: 00D339C6
                                                                                                                    • SendMessageW.USER32(?,00001061,?,0000000F), ref: 00D339F4
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Window_wcslen
                                                                                                                    • String ID: SysListView32
                                                                                                                    • API String ID: 2147712094-78025650
                                                                                                                    APIs
                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D0BCFD
                                                                                                                    • IsMenu.USER32(00000000), ref: 00D0BD1D
                                                                                                                    • CreatePopupMenu.USER32 ref: 00D0BD53
                                                                                                                    • GetMenuItemCount.USER32(012D5798), ref: 00D0BDA4
                                                                                                                    • InsertMenuItemW.USER32(012D5798,?,00000001,00000030), ref: 00D0BDCC
                                                                                                                    Similarity
                                                                                                                    • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                                                                    • String ID: 0$2
                                                                                                                    • API String ID: 93392585-3793063076
                                                                                                                    APIs
                                                                                                                    • LoadIconW.USER32(00000000,00007F03), ref: 00D0C913
                                                                                                                    Similarity
                                                                                                                    • API ID: IconLoad
                                                                                                                    • String ID: blank$info$question$stop$warning
                                                                                                                    • API String ID: 2457776203-404129466
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                    • String ID: 0.0.0.0
                                                                                                                    • API String ID: 642191829-3771769585
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2
                                                                                                                    • GetSystemMetrics.USER32(0000000F), ref: 00D39FC7
                                                                                                                    • GetSystemMetrics.USER32(0000000F), ref: 00D39FE7
                                                                                                                    • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 00D3A224
                                                                                                                    • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 00D3A242
                                                                                                                    • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 00D3A263
                                                                                                                    • ShowWindow.USER32(00000003,00000000), ref: 00D3A282
                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00D3A2A7
                                                                                                                    • DefDlgProcW.USER32(?,00000005,?,?), ref: 00D3A2CA
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1211466189-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$LocalTime
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 952045576-0
                                                                                                                    APIs
                                                                                                                    • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00CF682C,00000004,00000000,00000000), ref: 00CBF953
                                                                                                                    • ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,00CF682C,00000004,00000000,00000000), ref: 00CFF3D1
                                                                                                                    • ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,00CF682C,00000004,00000000,00000000), ref: 00CFF454
                                                                                                                    Similarity
                                                                                                                    • API ID: ShowWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1268545403-0
                                                                                                                    APIs
                                                                                                                    • DeleteObject.GDI32(00000000), ref: 00D32D1B
                                                                                                                    • GetDC.USER32(00000000), ref: 00D32D23
                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D32D2E
                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00D32D3A
                                                                                                                    • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00D32D76
                                                                                                                    • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00D32D87
                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00D35A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00D32DC2
                                                                                                                    • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00D32DE1
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3864802216-0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: _memcmp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2931989736-0
                                                                                                                    • Opcode ID: c391786bedb5dee59a38ff56f618c136ff2af865908de530d546fc030b73bfbe
                                                                                                                    • Instruction ID: cfcc35b43fc1aa386b25ff1c0cb93b7e49d3ab0a9728132156c0f669e13b5cc2
                                                                                                                    • Opcode Fuzzy Hash: c391786bedb5dee59a38ff56f618c136ff2af865908de530d546fc030b73bfbe
                                                                                                                    • Instruction Fuzzy Hash: 1A21AA61A40A09BBD3145611EE82FBB335CAF62384F8C0024FD0D5A5C6F762ED149DB5
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                    • API String ID: 0-572801152
                                                                                                                    • Opcode ID: e9df5df55212755230de26775f27f7add431dbddda573b00d8f7328904444136
                                                                                                                    • Instruction ID: 2ab83370184216f314af79970a30e57e1a8a019d687641559ec4286910d05abe
                                                                                                                    • Opcode Fuzzy Hash: e9df5df55212755230de26775f27f7add431dbddda573b00d8f7328904444136
                                                                                                                    • Instruction Fuzzy Hash: 21D1A171A0061A9FDF10CF98E880FAEB7B5BF58348F188069E915AB285D771DD45CBB0
                                                                                                                    APIs
                                                                                                                    • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,00CE17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 00CE15CE
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00CE17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00CE1651
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00CE17FB,?,00CE17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00CE16E4
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,00CE17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00CE16FB
                                                                                                                      • Part of subcall function 00CD3820: RtlAllocateHeap.NTDLL(00000000,?,00D71444,?,00CBFDF5,?,?,00CAA976,00000010,00D71440,00CA13FC,?,00CA13C6,?,00CA1129), ref: 00CD3852
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,00CE17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 00CE1777
                                                                                                                    • __freea.LIBCMT ref: 00CE17A2
                                                                                                                    • __freea.LIBCMT ref: 00CE17AE
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2829977744-0
                                                                                                                    • Opcode ID: f9a8f598a9f23ccf5bfa512142b6503206cdbf9afaf3a7f0b25f9522836bda67
                                                                                                                    • Instruction ID: 8c6d5db0a73fc4aa5fdd8828b8f6b7841e577139c1dcca7652a763628243a97a
                                                                                                                    • Opcode Fuzzy Hash: f9a8f598a9f23ccf5bfa512142b6503206cdbf9afaf3a7f0b25f9522836bda67
                                                                                                                    • Instruction Fuzzy Hash: A191D271E012869ADB208F66C881EEE7BB5EF49710F1C4619ED22E7281D735CE50CB60
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearInit
                                                                                                                    • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                    • API String ID: 2610073882-625585964
                                                                                                                    • Opcode ID: 2caf8c4b97de057d1ca59c53eab3f35174294ceaadf740858b546a5c3b1687b5
                                                                                                                    • Instruction ID: 48c5913aee36807a6d05350667f2031861cb7387defcf972d930e6cd792bbd8a
                                                                                                                    • Opcode Fuzzy Hash: 2caf8c4b97de057d1ca59c53eab3f35174294ceaadf740858b546a5c3b1687b5
                                                                                                                    • Instruction Fuzzy Hash: 5591A070A00229AFDF20CFA4D844FAEBBB8EF56719F148559F915AB280D7709945CFB0
                                                                                                                    APIs
                                                                                                                    • SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 00D1125C
                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00D11284
                                                                                                                    • SafeArrayUnaccessData.OLEAUT32(00000001), ref: 00D112A8
                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00D112D8
                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00D1135F
                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00D113C4
                                                                                                                    • SafeArrayAccessData.OLEAUT32(00000001,?), ref: 00D11430
                                                                                                                    Similarity
                                                                                                                    • API ID: ArraySafe$Data$Access$UnaccessVartype
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2550207440-0
                                                                                                                    • Opcode ID: b8f8b2e66db06f33132515a297b0ca85ac782ec18dc72ae2b41d967cb08d693f
                                                                                                                    • Instruction ID: 61cc3b178c975b0f1810828601df5a856890269b04a6192790783160ef963cb8
                                                                                                                    • Opcode Fuzzy Hash: b8f8b2e66db06f33132515a297b0ca85ac782ec18dc72ae2b41d967cb08d693f
                                                                                                                    • Instruction Fuzzy Hash: 4291F079A00219BFDB009FA4E885BFEB7B5FF05714F144029E640E7291DB74A981CBB0
                                                                                                                    Similarity
                                                                                                                    • API ID: ObjectSelect$BeginCreatePath
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3225163088-0
                                                                                                                    • Opcode ID: 8dadd11c20a4ff29a370f5af6ae571ed9135864eba95b60fec25091015fb7580
                                                                                                                    • Instruction ID: 904c110b82150353174f1792ce5faee77509894d97338d6b23cb66fc84ded0ca
                                                                                                                    • Opcode Fuzzy Hash: 8dadd11c20a4ff29a370f5af6ae571ed9135864eba95b60fec25091015fb7580
                                                                                                                    • Instruction Fuzzy Hash: 39913771D40219EFCB14CFA9CC84AEEBBB8FF49320F148159E615B7251D374AA46DB60
                                                                                                                    APIs
                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00D2396B
                                                                                                                    • CharUpperBuffW.USER32(?,?), ref: 00D23A7A
                                                                                                                    • _wcslen.LIBCMT ref: 00D23A8A
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00D23C1F
                                                                                                                      • Part of subcall function 00D10CDF: VariantInit.OLEAUT32(00000000), ref: 00D10D1F
                                                                                                                      • Part of subcall function 00D10CDF: VariantCopy.OLEAUT32(?,?), ref: 00D10D28
                                                                                                                      • Part of subcall function 00D10CDF: VariantClear.OLEAUT32(?), ref: 00D10D34
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                    • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                    • API String ID: 4137639002-1221869570
                                                                                                                    • Opcode ID: 85038cfa9aafcd2d08f50bdfc473c17ba73230bb7a52db826a24f06ee0212e56
                                                                                                                    • Instruction ID: 7bb8024616c986dcb852f21f43081eb89cc81a12169ca818caad686a0a5d6e89
                                                                                                                    • Opcode Fuzzy Hash: 85038cfa9aafcd2d08f50bdfc473c17ba73230bb7a52db826a24f06ee0212e56
                                                                                                                    • Instruction Fuzzy Hash: FC919A746083119FC704EF28D48196AB7E4FF99318F04882DF88A97351DB35EE45CBA2
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00D0000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?,?,?,00D0035E), ref: 00D0002B
                                                                                                                      • Part of subcall function 00D0000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?,?), ref: 00D00046
                                                                                                                      • Part of subcall function 00D0000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?,?), ref: 00D00054
                                                                                                                      • Part of subcall function 00D0000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?), ref: 00D00064
                                                                                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 00D24C51
                                                                                                                    • _wcslen.LIBCMT ref: 00D24D59
                                                                                                                    • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 00D24DCF
                                                                                                                    • CoTaskMemFree.OLE32(?), ref: 00D24DDA
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                    • String ID: NULL Pointer assignment
                                                                                                                    • API String ID: 614568839-2785691316
                                                                                                                    • Opcode ID: a6df0f83b0bebfe360ffad3b1c5fa818f1821d3f090472101f778b28848b4bca
                                                                                                                    • Instruction ID: 3542865704b91dba9d48dcf55a7bf10d24fef9fd4ee54b5707a167e326ba837a
                                                                                                                    • Opcode Fuzzy Hash: a6df0f83b0bebfe360ffad3b1c5fa818f1821d3f090472101f778b28848b4bca
                                                                                                                    • Instruction Fuzzy Hash: EF912871D0022DAFDF14DFA4D891AEEB7B8FF08314F108169E915A7291DB349A44DFA0
                                                                                                                    APIs
                                                                                                                    • GetMenu.USER32(?), ref: 00D32183
                                                                                                                    • GetMenuItemCount.USER32(00000000), ref: 00D321B5
                                                                                                                    • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 00D321DD
                                                                                                                    • _wcslen.LIBCMT ref: 00D32213
                                                                                                                    • GetMenuItemID.USER32(?,?), ref: 00D3224D
                                                                                                                    • GetSubMenu.USER32(?,?), ref: 00D3225B
                                                                                                                      • Part of subcall function 00D03A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D03A57
                                                                                                                      • Part of subcall function 00D03A3D: GetCurrentThreadId.KERNEL32 ref: 00D03A5E
                                                                                                                      • Part of subcall function 00D03A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00D025B3), ref: 00D03A65
                                                                                                                    • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00D322E3
                                                                                                                      • Part of subcall function 00D0E97B: Sleep.KERNEL32 ref: 00D0E9F3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4196846111-0
                                                                                                                    • Opcode ID: 42eaa87a06e47019e0b5b5bd529fa4584542b6805dd58746d47f5bfd84098955
                                                                                                                    • Instruction ID: cf9e971bafb4afff66f547f29ffc03aa59f328a27ab431005d9e7a43a968fca4
                                                                                                                    • Opcode Fuzzy Hash: 42eaa87a06e47019e0b5b5bd529fa4584542b6805dd58746d47f5bfd84098955
                                                                                                                    • Instruction Fuzzy Hash: D0716B75E00215AFCB10EFA8C885ABEB7F5EF49310F148459E956EB351DB34EE418BA0
                                                                                                                    APIs
                                                                                                                    • IsWindow.USER32(012D5860), ref: 00D37F37
                                                                                                                    • IsWindowEnabled.USER32(012D5860), ref: 00D37F43
                                                                                                                    • SendMessageW.USER32(00000000,0000041C,00000000,00000000), ref: 00D3801E
                                                                                                                    • SendMessageW.USER32(012D5860,000000B0,?,?), ref: 00D38051
                                                                                                                    • IsDlgButtonChecked.USER32(?,?), ref: 00D38089
                                                                                                                    • GetWindowLongW.USER32(012D5860,000000EC), ref: 00D380AB
                                                                                                                    • SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 00D380C3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSendWindow$ButtonCheckedEnabledLong
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4072528602-0
                                                                                                                    • Opcode ID: 8d448d3812fd70c3a2e44c3c9c1ba2c5724d44239dea542c98e2e43e4e7c5994
                                                                                                                    • Instruction ID: cbba423c312048f279a5a3e61d13962b2fd511d4a27deb53add7ce9601ef41c1
                                                                                                                    • Opcode Fuzzy Hash: 8d448d3812fd70c3a2e44c3c9c1ba2c5724d44239dea542c98e2e43e4e7c5994
                                                                                                                    • Instruction Fuzzy Hash: 13716AB5608B04AFEB359F64C884FAABBB9FF09340F184459F955973A1CB31A845DB30
                                                                                                                    APIs
                                                                                                                    • GetParent.USER32(?), ref: 00D0AEF9
                                                                                                                    • GetKeyboardState.USER32(?), ref: 00D0AF0E
                                                                                                                    • SetKeyboardState.USER32(?), ref: 00D0AF6F
                                                                                                                    • PostMessageW.USER32(?,00000101,00000010,?), ref: 00D0AF9D
                                                                                                                    • PostMessageW.USER32(?,00000101,00000011,?), ref: 00D0AFBC
                                                                                                                    • PostMessageW.USER32(?,00000101,00000012,?), ref: 00D0AFFD
                                                                                                                    • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00D0B020
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 87235514-0
                                                                                                                    • Opcode ID: bdc618cb58f02074e8073e467dbff0008dd19a18ace8cfae489748e4788e55b7
                                                                                                                    • Instruction ID: 051611c333597ae963ab022007a36d9c9ac6f7e57ba3c48dccc6ee7a036ddaab
                                                                                                                    • Opcode Fuzzy Hash: bdc618cb58f02074e8073e467dbff0008dd19a18ace8cfae489748e4788e55b7
                                                                                                                    • Instruction Fuzzy Hash: D651A0A06187D63DFB3683388845BBABEA95F06314F0C858AF1DD954D2C3D8AC84D771
                                                                                                                    APIs
                                                                                                                    • GetParent.USER32(00000000), ref: 00D0AD19
                                                                                                                    • GetKeyboardState.USER32(?), ref: 00D0AD2E
                                                                                                                    • SetKeyboardState.USER32(?), ref: 00D0AD8F
                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00D0ADBB
                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00D0ADD8
                                                                                                                    • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00D0AE17
                                                                                                                    • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00D0AE38
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 87235514-0
                                                                                                                    • Opcode ID: a86f6748f2e2b17c6f4b6343e5b1d693fcb497dd3c725ce4b5b1f5d54b8975c4
                                                                                                                    • Instruction ID: b40375748215d7c4dd52297180cfe8af5abe3abc266ceb1454aa06f7d8342fa5
                                                                                                                    • Opcode Fuzzy Hash: a86f6748f2e2b17c6f4b6343e5b1d693fcb497dd3c725ce4b5b1f5d54b8975c4
                                                                                                                    • Instruction Fuzzy Hash: 6F51B4A16187D53DFB368338CC55BBABEA99B46300F0C8589F1DD568C2D294EC88D772
                                                                                                                    APIs
                                                                                                                    • GetConsoleCP.KERNEL32(00CE3CD6,?,?,?,?,?,?,?,?,00CD5BA3,?,?,00CE3CD6,?,?), ref: 00CD5470
                                                                                                                    • __fassign.LIBCMT ref: 00CD54EB
                                                                                                                    • __fassign.LIBCMT ref: 00CD5506
                                                                                                                    • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00CE3CD6,00000005,00000000,00000000), ref: 00CD552C
                                                                                                                    • WriteFile.KERNEL32(?,00CE3CD6,00000000,00CD5BA3,00000000,?,?,?,?,?,?,?,?,?,00CD5BA3,?), ref: 00CD554B
                                                                                                                    • WriteFile.KERNEL32(?,?,00000001,00CD5BA3,00000000,?,?,?,?,?,?,?,?,?,00CD5BA3,?), ref: 00CD5584
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1324828854-0
                                                                                                                    • Opcode ID: d55fcc0baf4ba5aef6af2e628c71d686b2d817d78b9a041f38f26f41f4ae17a6
                                                                                                                    • Instruction ID: bf995f4741aea3841ab001b8f3f71ab1e190c23d3f6e0b8597f3a818ab954666
                                                                                                                    • Opcode Fuzzy Hash: d55fcc0baf4ba5aef6af2e628c71d686b2d817d78b9a041f38f26f41f4ae17a6
                                                                                                                    • Instruction Fuzzy Hash: EA519171A00749AFDB11CFA8E845AEEBBF9EF09300F14411BE655E7391E7309A41CB61
                                                                                                                    APIs
                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00CC2D4B
                                                                                                                    • ___except_validate_context_record.LIBVCRUNTIME ref: 00CC2D53
                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00CC2DE1
                                                                                                                    • __IsNonwritableInCurrentImage.LIBCMT ref: 00CC2E0C
                                                                                                                    • _ValidateLocalCookies.LIBCMT ref: 00CC2E61
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                                                    • String ID: csm
                                                                                                                    • API String ID: 1170836740-1018135373
                                                                                                                    • Opcode ID: 6196a7a2ddfd3c45995ad3f65d5edc9f12229921c7d2a9d585260e0f946be06e
                                                                                                                    • Instruction ID: 79f66322ada9b429e1e9e7c0b4e3b5642e678aca27f2b583bbbf09d4ce53abd2
                                                                                                                    • Opcode Fuzzy Hash: 6196a7a2ddfd3c45995ad3f65d5edc9f12229921c7d2a9d585260e0f946be06e
                                                                                                                    • Instruction Fuzzy Hash: DA41C134E00249ABCF10DF68C845F9EBBB5BF44324F14815DE825AB392DB31AA05CBE0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00D2304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00D2307A
                                                                                                                      • Part of subcall function 00D2304E: _wcslen.LIBCMT ref: 00D2309B
                                                                                                                    • socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 00D21112
                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00D21121
                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00D211C9
                                                                                                                    • closesocket.WSOCK32(00000000), ref: 00D211F9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2675159561-0
                                                                                                                    • Opcode ID: e54b79319fa914af6f36cf4be49695bcd4a50b96375fb824c1303343fae41a51
                                                                                                                    • Instruction ID: 7f2041e0c0c34e4fdc85a7525cd301b58e45f24c53967b18f6115ebafdf8c831
                                                                                                                    • Opcode Fuzzy Hash: e54b79319fa914af6f36cf4be49695bcd4a50b96375fb824c1303343fae41a51
                                                                                                                    • Instruction Fuzzy Hash: 2B410135600324AFDB119F24D884BAAB7A9EF61328F188018FD05AB281C770EE418BB1
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00D0DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00D0CF22,?), ref: 00D0DDFD
                                                                                                                      • Part of subcall function 00D0DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00D0CF22,?), ref: 00D0DE16
                                                                                                                    • lstrcmpiW.KERNEL32(?,?), ref: 00D0CF45
                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00D0CF7F
                                                                                                                    • _wcslen.LIBCMT ref: 00D0D005
                                                                                                                    • _wcslen.LIBCMT ref: 00D0D01B
                                                                                                                    • SHFileOperationW.SHELL32(?), ref: 00D0D061
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
                                                                                                                    • String ID: \*.*
                                                                                                                    • API String ID: 3164238972-1173974218
                                                                                                                    • Opcode ID: 7e9ed8d60c803b17c292f908b15640bac0f2a173c90a3f79df53875cc1beae55
                                                                                                                    • Instruction ID: 3292391fafd17dbc7ae04cbba0e397bb126177e415d07a0adbc62297748b3ed8
                                                                                                                    • Opcode Fuzzy Hash: 7e9ed8d60c803b17c292f908b15640bac0f2a173c90a3f79df53875cc1beae55
                                                                                                                    • Instruction Fuzzy Hash: CF4158719452195FDF12EFA4D981FDE77B9EF48380F0410E6E509E7181EA34A648CB71
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00D32E1C
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00D32E4F
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00D32E84
                                                                                                                    • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00D32EB6
                                                                                                                    • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00D32EE0
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00D32EF1
                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00D32F0B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LongWindow$MessageSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2178440468-0
                                                                                                                    • Opcode ID: 5432cf751552a2084b7b05e60723376bcae83ed7bfe52ffc73ac21a54dfc7f7a
                                                                                                                    • Instruction ID: 1e9336710399018c01d1f5894496ecccf337bedb4a72c34923cf345dc9eba91a
                                                                                                                    • Opcode Fuzzy Hash: 5432cf751552a2084b7b05e60723376bcae83ed7bfe52ffc73ac21a54dfc7f7a
                                                                                                                    • Instruction Fuzzy Hash: AB310435A04250AFDB21CF58DC86F6537E1FB8AB10F191164FA14EF2B1CB71A881DB61
                                                                                                                    APIs
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D07769
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D0778F
                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00D07792
                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00D077B0
                                                                                                                    • SysFreeString.OLEAUT32(?), ref: 00D077B9
                                                                                                                    • StringFromGUID2.OLE32(?,?,00000028), ref: 00D077DE
                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00D077EC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3761583154-0
                                                                                                                    • Opcode ID: f68dab29ac0c2aaebc89be9eeb6a1380cbe12e51443592a7c027ffce514fb2f7
                                                                                                                    • Instruction ID: 466131958b490df25031afe4abf74cb6d13b60df3dc570a7005340fba6590e71
                                                                                                                    • Opcode Fuzzy Hash: f68dab29ac0c2aaebc89be9eeb6a1380cbe12e51443592a7c027ffce514fb2f7
                                                                                                                    • Instruction Fuzzy Hash: 4421A776A04219AFDF10DFA8CC84DBB77ACEB497A4B048025F919DF291D670ED418770
                                                                                                                    APIs
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D07842
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 00D07868
                                                                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00D0786B
                                                                                                                    • SysAllocString.OLEAUT32 ref: 00D0788C
                                                                                                                    • SysFreeString.OLEAUT32 ref: 00D07895
                                                                                                                    • StringFromGUID2.OLE32(?,?,00000028), ref: 00D078AF
                                                                                                                    • SysAllocString.OLEAUT32(?), ref: 00D078BD
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3761583154-0
                                                                                                                    • Opcode ID: 5bb59e0155e990251830c714b4bc59605a09ca6b282d86016c0c0138e57b67d9
                                                                                                                    • Instruction ID: a5e75e1e281dfd405b86a10f1ea4630fc7b7a3ed3c7b6a209efa6a0a021f51e0
                                                                                                                    • Opcode Fuzzy Hash: 5bb59e0155e990251830c714b4bc59605a09ca6b282d86016c0c0138e57b67d9
                                                                                                                    • Instruction Fuzzy Hash: 3E213036A08204AFDB109FA8DC89EAA77ACEB097607148125F919DB2A1D674FC41DB74
                                                                                                                    APIs
                                                                                                                    • GetStdHandle.KERNEL32(0000000C), ref: 00D104F2
                                                                                                                    • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00D1052E
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateHandlePipe
                                                                                                                    • String ID: nul
                                                                                                                    • API String ID: 1424370930-2873401336
                                                                                                                    • Opcode ID: e9ba8831fe9ecf8e37f418d8dd1a7147feb0c4c07e1a3ecdc0b077307de23220
                                                                                                                    • Instruction ID: dabab033b33445448af623a5334049e5c00e3aa7e4d6ebc5366f8641a157ff25
                                                                                                                    • Opcode Fuzzy Hash: e9ba8831fe9ecf8e37f418d8dd1a7147feb0c4c07e1a3ecdc0b077307de23220
                                                                                                                    • Instruction Fuzzy Hash: 1B212375500305ABEB206F69E844A9A7BB5AF44764F244A19E8A1E62D0DBB0D9D0CF30
                                                                                                                    APIs
                                                                                                                    • GetStdHandle.KERNEL32(000000F6), ref: 00D105C6
                                                                                                                    • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00D10601
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateHandlePipe
                                                                                                                    • String ID: nul
                                                                                                                    • API String ID: 1424370930-2873401336
                                                                                                                    • Opcode ID: f49e243773d8aaba0158590c0264c7fa92d0647c31e29f996bca43a4df9e12a8
                                                                                                                    • Instruction ID: 33bb9c96eb89b27a11dd46ed21bd7bfb1e57b9c8f72a952a5d6b1088a560390c
                                                                                                                    • Opcode Fuzzy Hash: f49e243773d8aaba0158590c0264c7fa92d0647c31e29f996bca43a4df9e12a8
                                                                                                                    • Instruction Fuzzy Hash: 64215B75500305ABDB106F69AC44ADA7BE4AF95720F244A19F8A1E72D0DBF099E0CB70
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00CA604C
                                                                                                                      • Part of subcall function 00CA600E: GetStockObject.GDI32(00000011), ref: 00CA6060
                                                                                                                      • Part of subcall function 00CA600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00CA606A
                                                                                                                    • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00D34112
                                                                                                                    • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 00D3411F
                                                                                                                    • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00D3412A
                                                                                                                    • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00D34139
                                                                                                                    • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00D34145
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                    • String ID: Msctls_Progress32
                                                                                                                    • API String ID: 1025951953-3636473452
                                                                                                                    • Opcode ID: dc715b382e91c7498b8458d673ddd32566c8196221610b3b8866c6b1d330f496
                                                                                                                    • Instruction ID: 142e41f99ed52c0202fa9f44c7071c8ccb92468699675489657956a18b6ad284
                                                                                                                    • Opcode Fuzzy Hash: dc715b382e91c7498b8458d673ddd32566c8196221610b3b8866c6b1d330f496
                                                                                                                    • Instruction Fuzzy Hash: 391190B215021ABEEF118E64CC86EE77F5DEF08798F014111FA18A2150CA769C619BB4
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CDD7A3: _free.LIBCMT ref: 00CDD7CC
                                                                                                                    • _free.LIBCMT ref: 00CDD82D
                                                                                                                      • Part of subcall function 00CD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000), ref: 00CD29DE
                                                                                                                      • Part of subcall function 00CD29C8: GetLastError.KERNEL32(00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000,00000000), ref: 00CD29F0
                                                                                                                    • _free.LIBCMT ref: 00CDD838
                                                                                                                    • _free.LIBCMT ref: 00CDD843
                                                                                                                    • _free.LIBCMT ref: 00CDD897
                                                                                                                    • _free.LIBCMT ref: 00CDD8A2
                                                                                                                    • _free.LIBCMT ref: 00CDD8AD
                                                                                                                    • _free.LIBCMT ref: 00CDD8B8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 776569668-0
                                                                                                                    • Opcode ID: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                    • Instruction ID: 9c8f76f65d9a0d3ad1aa7e4f36195f1cf5df6eb1ebf95f62db33ad2f5850a3e5
                                                                                                                    • Opcode Fuzzy Hash: d5e9bbcb1dbdafe4c8d3bd98f36014f41f46dc5d4a3df644b036f3c2391e0fc8
                                                                                                                    • Instruction Fuzzy Hash: 4B115E71940B04AAD621BFB0CC87FCB7BDCAF10700F4108A6B39EE6292DA65B505B660
                                                                                                                    APIs
                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00D0DA74
                                                                                                                    • LoadStringW.USER32(00000000), ref: 00D0DA7B
                                                                                                                    • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00D0DA91
                                                                                                                    • LoadStringW.USER32(00000000), ref: 00D0DA98
                                                                                                                    • MessageBoxW.USER32(00000000,?,?,00011010), ref: 00D0DADC
                                                                                                                    Strings
                                                                                                                    • %s (%d) : ==> %s: %s %s, xrefs: 00D0DAB9
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: HandleLoadModuleString$Message
                                                                                                                    • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                    • API String ID: 4072794657-3128320259
                                                                                                                    • Opcode ID: 849725f934f51805183a6606367678b65249e95522c8809794ac03c1839d45db
                                                                                                                    • Instruction ID: 1818614a406e4f1595f7cd42037dca6f9c4a6f39f0af186d5d95f7df3a1f0eee
                                                                                                                    • Opcode Fuzzy Hash: 849725f934f51805183a6606367678b65249e95522c8809794ac03c1839d45db
                                                                                                                    • Instruction Fuzzy Hash: 890162F29103087FE7109BA09D89EE7726CE708301F401496B746F2181EA749E848F74
                                                                                                                    APIs
                                                                                                                    • InterlockedExchange.KERNEL32(012CD478,012CD478), ref: 00D1097B
                                                                                                                    • EnterCriticalSection.KERNEL32(012CD458,00000000), ref: 00D1098D
                                                                                                                    • TerminateThread.KERNEL32(?,000001F6), ref: 00D1099B
                                                                                                                    • WaitForSingleObject.KERNEL32(?,000003E8), ref: 00D109A9
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D109B8
                                                                                                                    • InterlockedExchange.KERNEL32(012CD478,000001F6), ref: 00D109C8
                                                                                                                    • LeaveCriticalSection.KERNEL32(012CD458), ref: 00D109CF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3495660284-0
                                                                                                                    • Opcode ID: 02cac1ba8982a6de120674ef6f0d1a20738b6bf04effdb499c9a697ee6a935a6
                                                                                                                    • Instruction ID: 0e7d518ff56801c3f7a2e9c12b45c3068cd2891d3f48251b3bd11bc49de482d1
                                                                                                                    • Opcode Fuzzy Hash: 02cac1ba8982a6de120674ef6f0d1a20738b6bf04effdb499c9a697ee6a935a6
                                                                                                                    • Instruction Fuzzy Hash: 2CF01D31552602BBD7415B94EE88AD67A25BF05702F442015F101A09A1CBB494B5CFA4
                                                                                                                    APIs
                                                                                                                    • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 00D21DC0
                                                                                                                    • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 00D21DE1
                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00D21DF2
                                                                                                                    • htons.WSOCK32(?,?,?,?,?), ref: 00D21EDB
                                                                                                                    • inet_ntoa.WSOCK32(?), ref: 00D21E8C
                                                                                                                      • Part of subcall function 00D039E8: _strlen.LIBCMT ref: 00D039F2
                                                                                                                      • Part of subcall function 00D23224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,00D1EC0C), ref: 00D23240
                                                                                                                    • _strlen.LIBCMT ref: 00D21F35
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3203458085-0
                                                                                                                    • Opcode ID: 857ed0e596ec47e226ab0df5f0b290820eabcae6a9f2c75cc4f6e94d3089a606
                                                                                                                    • Instruction ID: d62c6a1635275b5fee8ba3d798847a8aeab2284633010e5edc1c7aa24c888f9a
                                                                                                                    • Opcode Fuzzy Hash: 857ed0e596ec47e226ab0df5f0b290820eabcae6a9f2c75cc4f6e94d3089a606
                                                                                                                    • Instruction Fuzzy Hash: 19B1F135604311AFC324DF24D885E6A77E5AFA531CF58854CF4565B2E2CB31ED42CBA1
                                                                                                                    APIs
                                                                                                                    • GetClientRect.USER32(?,?), ref: 00CA5D30
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00CA5D71
                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00CA5D99
                                                                                                                    • GetClientRect.USER32(?,?), ref: 00CA5ED7
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00CA5EF8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Rect$Client$Window$Screen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1296646539-0
                                                                                                                    • Opcode ID: 8e17328439945cd9082b436427e15faae0a4a2c4ecba97ebb3f5e18dcb95c883
                                                                                                                    • Instruction ID: a0754e94fbcf5f66c563b9ff04da816a0879478a8fd17e1217ca61b155c624bd
                                                                                                                    • Opcode Fuzzy Hash: 8e17328439945cd9082b436427e15faae0a4a2c4ecba97ebb3f5e18dcb95c883
                                                                                                                    • Instruction Fuzzy Hash: 24B18B75A00B8ADBDB14CFAAC4807EEB7F1FF58314F14941AE8A9D7250DB34AA41CB50
                                                                                                                    APIs
                                                                                                                    • __allrem.LIBCMT ref: 00CD00BA
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CD00D6
                                                                                                                    • __allrem.LIBCMT ref: 00CD00ED
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CD010B
                                                                                                                    • __allrem.LIBCMT ref: 00CD0122
                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CD0140
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1992179935-0
                                                                                                                    • Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                    • Instruction ID: 20148fe604c62e86bca5e8c82d160848b61030372067dde942d11f3a6b181f22
                                                                                                                    • Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
                                                                                                                    • Instruction Fuzzy Hash: 5581D372A00706ABE724AB6DCC42B6E73E9EF41364F25412FF661D7381E770EA419790
                                                                                                                    APIs
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,00CC82D9,00CC82D9,?,?,?,00CD644F,00000001,00000001,8BE85006), ref: 00CD6258
                                                                                                                    • MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,00CD644F,00000001,00000001,8BE85006,?,?,?), ref: 00CD62DE
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 00CD63D8
                                                                                                                    • __freea.LIBCMT ref: 00CD63E5
                                                                                                                      • Part of subcall function 00CD3820: RtlAllocateHeap.NTDLL(00000000,?,00D71444,?,00CBFDF5,?,?,00CAA976,00000010,00D71440,00CA13FC,?,00CA13C6,?,00CA1129), ref: 00CD3852
                                                                                                                    • __freea.LIBCMT ref: 00CD63EE
                                                                                                                    • __freea.LIBCMT ref: 00CD6413
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1414292761-0
                                                                                                                    • Opcode ID: f14ea15bf5d1829040f72d7fc49aa2179e886de527b84c3c52c68d408e1e76d3
                                                                                                                    • Instruction ID: eebf55673c44fc407f7fb25f3e1ce060ab239131f20eccb6cd7e6648c36c7b2a
                                                                                                                    • Opcode Fuzzy Hash: f14ea15bf5d1829040f72d7fc49aa2179e886de527b84c3c52c68d408e1e76d3
                                                                                                                    • Instruction Fuzzy Hash: 8D51F272600216ABDB258F64CC81EBF7BA9EF44710F15422AFF15D7291EB34DD40D660
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                      • Part of subcall function 00D2C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00D2B6AE,?,?), ref: 00D2C9B5
                                                                                                                      • Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2C9F1
                                                                                                                      • Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2CA68
                                                                                                                      • Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2CA9E
                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00D2BCCA
                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00D2BD25
                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00D2BD6A
                                                                                                                    • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 00D2BD99
                                                                                                                    • RegCloseKey.ADVAPI32(?,?,00000000), ref: 00D2BDF3
                                                                                                                    • RegCloseKey.ADVAPI32(?), ref: 00D2BDFF
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1120388591-0
                                                                                                                    APIs
                                                                                                                    • VariantInit.OLEAUT32(00000035), ref: 00CFF7B9
                                                                                                                    • SysAllocString.OLEAUT32(00000001), ref: 00CFF860
                                                                                                                    • VariantCopy.OLEAUT32(00CFFA64,00000000), ref: 00CFF889
                                                                                                                    • VariantClear.OLEAUT32(00CFFA64), ref: 00CFF8AD
                                                                                                                    • VariantCopy.OLEAUT32(00CFFA64,00000000), ref: 00CFF8B1
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00CFF8BB
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearCopy$AllocInitString
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3859894641-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA7620: _wcslen.LIBCMT ref: 00CA7625
                                                                                                                      • Part of subcall function 00CA6B57: _wcslen.LIBCMT ref: 00CA6B6A
                                                                                                                    • GetOpenFileNameW.COMDLG32(00000058), ref: 00D194E5
                                                                                                                    • _wcslen.LIBCMT ref: 00D19506
                                                                                                                    • _wcslen.LIBCMT ref: 00D1952D
                                                                                                                    • GetSaveFileNameW.COMDLG32(00000058), ref: 00D19585
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$FileName$OpenSave
                                                                                                                    • String ID: X
                                                                                                                    • API String ID: 83654149-3081909835
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2
                                                                                                                    • BeginPaint.USER32(?,?,?), ref: 00CB9241
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00CB92A5
                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00CB92C2
                                                                                                                    • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00CB92D3
                                                                                                                    • EndPaint.USER32(?,?,?,?,?), ref: 00CB9321
                                                                                                                    • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00CF71EA
                                                                                                                      • Part of subcall function 00CB9339: BeginPath.GDI32(00000000), ref: 00CB9357
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3050599898-0
                                                                                                                    APIs
                                                                                                                    • InterlockedExchange.KERNEL32(?,000001F5), ref: 00D1080C
                                                                                                                    • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 00D10847
                                                                                                                    • EnterCriticalSection.KERNEL32(?), ref: 00D10863
                                                                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 00D108DC
                                                                                                                    • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 00D108F3
                                                                                                                    • InterlockedExchange.KERNEL32(?,000001F6), ref: 00D10921
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3368777196-0
                                                                                                                    APIs
                                                                                                                    • ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,00CFF3AB,00000000,?,?,00000000,?,00CF682C,00000004,00000000,00000000), ref: 00D3824C
                                                                                                                    • EnableWindow.USER32(?,00000000), ref: 00D38272
                                                                                                                    • ShowWindow.USER32(FFFFFFFF,00000000), ref: 00D382D1
                                                                                                                    • ShowWindow.USER32(?,00000004), ref: 00D382E5
                                                                                                                    • EnableWindow.USER32(?,00000001), ref: 00D3830B
                                                                                                                    • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 00D3832F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Show$Enable$MessageSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 642888154-0
                                                                                                                    APIs
                                                                                                                    • IsWindowVisible.USER32(?), ref: 00D04C95
                                                                                                                    • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00D04CB2
                                                                                                                    • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 00D04CEA
                                                                                                                    • _wcslen.LIBCMT ref: 00D04D08
                                                                                                                    • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 00D04D10
                                                                                                                    • _wcsstr.LIBVCRUNTIME ref: 00D04D1A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                     • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                     • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 72514467-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA3AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00CA3A97,?,?,00CA2E7F,?,?,?,00000000), ref: 00CA3AC2
                                                                                                                    • _wcslen.LIBCMT ref: 00D1587B
                                                                                                                    • CoInitialize.OLE32(00000000), ref: 00D15995
                                                                                                                    • CoCreateInstance.OLE32(00D3FCF8,00000000,00000001,00D3FB68,?), ref: 00D159AE
                                                                                                                    • CoUninitialize.OLE32 ref: 00D159CC
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                    • String ID: .lnk
                                                                                                                    • API String ID: 3172280962-24824748
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00D00FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00D00FCA
                                                                                                                      • Part of subcall function 00D00FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00D00FD6
                                                                                                                      • Part of subcall function 00D00FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00D00FE5
                                                                                                                      • Part of subcall function 00D00FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00D00FEC
                                                                                                                      • Part of subcall function 00D00FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00D01002
                                                                                                                    • GetLengthSid.ADVAPI32(?,00000000,00D01335), ref: 00D017AE
                                                                                                                    • GetProcessHeap.KERNEL32(00000008,00000000), ref: 00D017BA
                                                                                                                    • HeapAlloc.KERNEL32(00000000), ref: 00D017C1
                                                                                                                    • CopySid.ADVAPI32(00000000,00000000,?), ref: 00D017DA
                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000,00D01335), ref: 00D017EE
                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00D017F5
                                                                                                                    Similarity
                                                                                                                    • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3008561057-0
                                                                                                                    APIs
                                                                                                                    • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 00D014FF
                                                                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 00D01506
                                                                                                                    • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 00D01515
                                                                                                                    • CloseHandle.KERNEL32(00000004), ref: 00D01520
                                                                                                                    • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00D0154F
                                                                                                                    • DestroyEnvironmentBlock.USERENV(00000000), ref: 00D01563
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1413079979-0
                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32(?,?,00CC3379,00CC2FE5), ref: 00CC3390
                                                                                                                    • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 00CC339E
                                                                                                                    • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 00CC33B7
                                                                                                                    • SetLastError.KERNEL32(00000000,?,00CC3379,00CC2FE5), ref: 00CC3409
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLastValue___vcrt_
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3852720340-0
                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32(?,?,00CD5686,00CE3CD6,?,00000000,?,00CD5B6A,?,?,?,?,?,00CCE6D1,?,00D68A48), ref: 00CD2D78
                                                                                                                    • _free.LIBCMT ref: 00CD2DAB
                                                                                                                    • _free.LIBCMT ref: 00CD2DD3
                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,00CCE6D1,?,00D68A48,00000010,00CA4F4A,?,?,00000000,00CE3CD6), ref: 00CD2DE0
                                                                                                                    • SetLastError.KERNEL32(00000000,?,?,?,?,00CCE6D1,?,00D68A48,00000010,00CA4F4A,?,?,00000000,00CE3CD6), ref: 00CD2DEC
                                                                                                                    • _abort.LIBCMT ref: 00CD2DF2
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$_free$_abort
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3160817290-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CB9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00CB9693
                                                                                                                      • Part of subcall function 00CB9639: SelectObject.GDI32(?,00000000), ref: 00CB96A2
                                                                                                                      • Part of subcall function 00CB9639: BeginPath.GDI32(?), ref: 00CB96B9
                                                                                                                      • Part of subcall function 00CB9639: SelectObject.GDI32(?,00000000), ref: 00CB96E2
                                                                                                                    • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00D38A4E
                                                                                                                    • LineTo.GDI32(?,00000003,00000000), ref: 00D38A62
                                                                                                                    • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00D38A70
                                                                                                                    • LineTo.GDI32(?,00000000,00000003), ref: 00D38A80
                                                                                                                    • EndPath.GDI32(?), ref: 00D38A90
                                                                                                                    • StrokePath.GDI32(?), ref: 00D38AA0
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 43455801-0
                                                                                                                    APIs
                                                                                                                    • GetDC.USER32(00000000), ref: 00D05218
                                                                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 00D05229
                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00D05230
                                                                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00D05238
                                                                                                                    • MulDiv.KERNEL32(000009EC,?,00000000), ref: 00D0524F
                                                                                                                    • MulDiv.KERNEL32(000009EC,00000001,?), ref: 00D05261
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsDevice$Release
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1035833867-0
                                                                                                                    APIs
                                                                                                                    • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00CA1BF4
                                                                                                                    • MapVirtualKeyW.USER32(00000010,00000000), ref: 00CA1BFC
                                                                                                                    • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00CA1C07
                                                                                                                    • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00CA1C12
                                                                                                                    • MapVirtualKeyW.USER32(00000011,00000000), ref: 00CA1C1A
                                                                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 00CA1C22
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Virtual
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4278518827-0
                                                                                                                    APIs
                                                                                                                    • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00D0EB30
                                                                                                                    • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 00D0EB46
                                                                                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 00D0EB55
                                                                                                                    • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00D0EB64
                                                                                                                    • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00D0EB6E
                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00D0EB75
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 839392675-0
                                                                                                                    APIs
                                                                                                                    • GetClientRect.USER32(?), ref: 00CF7452
                                                                                                                    • SendMessageW.USER32(?,00001328,00000000,?), ref: 00CF7469
                                                                                                                    • GetWindowDC.USER32(?), ref: 00CF7475
                                                                                                                    • GetPixel.GDI32(00000000,?,?), ref: 00CF7484
                                                                                                                    • ReleaseDC.USER32(?,00000000), ref: 00CF7496
                                                                                                                    • GetSysColor.USER32(00000005), ref: 00CF74B0
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 272304278-0
                                                                                                                    APIs
                                                                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00D0187F
                                                                                                                    • UnloadUserProfile.USERENV(?,?), ref: 00D0188B
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D01894
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D0189C
                                                                                                                    • GetProcessHeap.KERNEL32(00000000,?), ref: 00D018A5
                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00D018AC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 146765662-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA7620: _wcslen.LIBCMT ref: 00CA7625
                                                                                                                    • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00D0C6EE
                                                                                                                    • _wcslen.LIBCMT ref: 00D0C735
                                                                                                                    • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00D0C79C
                                                                                                                    • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00D0C7CA
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ItemMenu$Info_wcslen$Default
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 1227352736-4108050209
                                                                                                                    APIs
                                                                                                                    • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 00D07206
                                                                                                                    • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 00D0723C
                                                                                                                    • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 00D0724D
                                                                                                                    • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 00D072CF
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                    • String ID: DllGetClassObject
                                                                                                                    • API String ID: 753597075-1075368562
                                                                                                                    APIs
                                                                                                                    • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00D33E35
                                                                                                                    • IsMenu.USER32(?), ref: 00D33E4A
                                                                                                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00D33E92
                                                                                                                    • DrawMenuBar.USER32 ref: 00D33EA5
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Menu$Item$DrawInfoInsert
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 3076010158-4108050209
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                      • Part of subcall function 00D03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D03CCA
                                                                                                                    • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00D01E66
                                                                                                                    • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00D01E79
                                                                                                                    • SendMessageW.USER32(?,00000189,?,00000000), ref: 00D01EA9
                                                                                                                      • Part of subcall function 00CA6B57: _wcslen.LIBCMT ref: 00CA6B6A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$_wcslen$ClassName
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 2081771294-1403004172
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00D32F8D
                                                                                                                    • LoadLibraryW.KERNEL32(?), ref: 00D32F94
                                                                                                                    • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00D32FA9
                                                                                                                    • DestroyWindow.USER32(?), ref: 00D32FB1
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$DestroyLibraryLoadWindow
                                                                                                                    • String ID: SysAnimate32
                                                                                                                    • API String ID: 3529120543-1011021900
                                                                                                                    APIs
                                                                                                                    • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00CC4D1E,00CD28E9,?,00CC4CBE,00CD28E9,00D688B8,0000000C,00CC4E15,00CD28E9,00000002), ref: 00CC4D8D
                                                                                                                    • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00CC4DA0
                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,?,00CC4D1E,00CD28E9,?,00CC4CBE,00CD28E9,00D688B8,0000000C,00CC4E15,00CD28E9,00000002,00000000), ref: 00CC4DC3
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                    • String ID: CorExitProcess$mscoree.dll
                                                                                                                    • API String ID: 4061214504-1276376045
                                                                                                                    APIs
                                                                                                                    • LoadLibraryA.KERNEL32 ref: 00CFD3AD
                                                                                                                    • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 00CFD3BF
                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00CFD3E5
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                    • String ID: GetSystemWow64DirectoryW$X64
                                                                                                                    • API String ID: 145871493-2590602151
                                                                                                                    APIs
                                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00CA4EDD,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4E9C
                                                                                                                    • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00CA4EAE
                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00CA4EDD,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4EC0
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                    • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                    • API String ID: 145871493-3689287502
                                                                                                                    APIs
                                                                                                                    • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00CE3CDE,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4E62
                                                                                                                    • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00CA4E74
                                                                                                                    • FreeLibrary.KERNEL32(00000000,?,?,00CE3CDE,?,00D71418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00CA4E87
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Library$AddressFreeLoadProc
                                                                                                                    • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                    • API String ID: 145871493-1355242751
                                                                                                                    APIs
                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00D12C05
                                                                                                                    • DeleteFileW.KERNEL32(?), ref: 00D12C87
                                                                                                                    • CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00D12C9D
                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00D12CAE
                                                                                                                    • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00D12CC0
                                                                                                                    Similarity
                                                                                                                    • API ID: File$Delete$Copy
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3226157194-0
                                                                                                                    APIs
                                                                                                                    • GetCurrentProcessId.KERNEL32 ref: 00D2A427
                                                                                                                    • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 00D2A435
                                                                                                                    • GetProcessIoCounters.KERNEL32(00000000,?), ref: 00D2A468
                                                                                                                    • CloseHandle.KERNEL32(?), ref: 00D2A63D
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$CloseCountersCurrentHandleOpen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3488606520-0
                                                                                                                    APIs
                                                                                                                    • GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00D43700), ref: 00CDBB91
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00D7121C,000000FF,00000000,0000003F,00000000,?,?), ref: 00CDBC09
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00D71270,000000FF,?,0000003F,00000000,?), ref: 00CDBC36
                                                                                                                    • _free.LIBCMT ref: 00CDBB7F
                                                                                                                      • Part of subcall function 00CD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000), ref: 00CD29DE
                                                                                                                      • Part of subcall function 00CD29C8: GetLastError.KERNEL32(00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000,00000000), ref: 00CD29F0
                                                                                                                    • _free.LIBCMT ref: 00CDBD4B
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00D0DDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00D0CF22,?), ref: 00D0DDFD
                                                                                                                      • Part of subcall function 00D0DDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00D0CF22,?), ref: 00D0DE16
                                                                                                                      • Part of subcall function 00D0E199: GetFileAttributesW.KERNEL32(?,00D0CF95), ref: 00D0E19A
                                                                                                                    • lstrcmpiW.KERNEL32(?,?), ref: 00D0E473
                                                                                                                    • MoveFileW.KERNEL32(?,?), ref: 00D0E4AC
                                                                                                                    • _wcslen.LIBCMT ref: 00D0E5EB
                                                                                                                    • _wcslen.LIBCMT ref: 00D0E603
                                                                                                                    • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 00D0E650
                                                                                                                    Similarity
                                                                                                                    • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                      • Part of subcall function 00D2C998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,00D2B6AE,?,?), ref: 00D2C9B5
                                                                                                                      • Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2C9F1
                                                                                                                      • Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2CA68
                                                                                                                      • Part of subcall function 00D2C998: _wcslen.LIBCMT ref: 00D2CA9E
                                                                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 00D2BAA5
                                                                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00D2BB00
                                                                                                                    • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 00D2BB63
                                                                                                                    • RegCloseKey.ADVAPI32(?,?), ref: 00D2BBA6
                                                                                                                    • RegCloseKey.ADVAPI32(00000000), ref: 00D2BBB3
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                    APIs
                                                                                                                    • VariantInit.OLEAUT32(?), ref: 00D08BCD
                                                                                                                    • VariantClear.OLEAUT32 ref: 00D08C3E
                                                                                                                    • VariantClear.OLEAUT32 ref: 00D08C9D
                                                                                                                    • VariantClear.OLEAUT32(?), ref: 00D08D10
                                                                                                                    • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00D08D3B
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$Clear$ChangeInitType
                                                                                                                    APIs
                                                                                                                    • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 00D18BAE
                                                                                                                    • GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 00D18BDA
                                                                                                                    • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 00D18C32
                                                                                                                    • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 00D18C57
                                                                                                                    • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 00D18C5F
                                                                                                                    Similarity
                                                                                                                    • API ID: PrivateProfile$SectionWrite$String
                                                                                                                    APIs
                                                                                                                    • LoadLibraryW.KERNEL32(?,00000000,?), ref: 00D28F40
                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00D28FD0
                                                                                                                    • GetProcAddress.KERNEL32(00000000,00000000), ref: 00D28FEC
                                                                                                                    • GetProcAddress.KERNEL32(00000000,?), ref: 00D29032
                                                                                                                    • FreeLibrary.KERNEL32(00000000), ref: 00D29052
                                                                                                                      • Part of subcall function 00CBF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,00D11043,?,7529E610), ref: 00CBF6E6
                                                                                                                      • Part of subcall function 00CBF6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00CFFA64,00000000,00000000,?,?,00D11043,?,7529E610,?,00CFFA64), ref: 00CBF70D
                                                                                                                    Similarity
                                                                                                                    • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
                                                                                                                    APIs
                                                                                                                    • SetWindowLongW.USER32(00000002,000000F0,?), ref: 00D36C33
                                                                                                                    • SetWindowLongW.USER32(?,000000EC,?), ref: 00D36C4A
                                                                                                                    • SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00D36C73
                                                                                                                    • ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,00D1AB79,00000000,00000000), ref: 00D36C98
                                                                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00D36CC7
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Long$MessageSendShow
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
• Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 269201875-0
                                                                                                                    APIs
                                                                                                                    • GetCursorPos.USER32(?), ref: 00CB9141
                                                                                                                    • ScreenToClient.USER32(00000000,?), ref: 00CB915E
                                                                                                                    • GetAsyncKeyState.USER32(00000001), ref: 00CB9183
                                                                                                                    • GetAsyncKeyState.USER32(00000002), ref: 00CB919D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: AsyncState$ClientCursorScreen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4210589936-0
                                                                                                                    APIs
                                                                                                                    • GetInputState.USER32 ref: 00D138CB
                                                                                                                    • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00D13922
                                                                                                                    • TranslateMessage.USER32(?), ref: 00D1394B
                                                                                                                    • DispatchMessageW.USER32(?), ref: 00D13955
                                                                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00D13966
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2256411358-0
                                                                                                                    APIs
                                                                                                                    • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 00D1CF38
                                                                                                                    • InternetReadFile.WININET(?,00000000,?,?), ref: 00D1CF6F
                                                                                                                    • GetLastError.KERNEL32(?,00000000,?,?,?,00D1C21E,00000000), ref: 00D1CFB4
                                                                                                                    • SetEvent.KERNEL32(?,?,00000000,?,?,?,00D1C21E,00000000), ref: 00D1CFC8
                                                                                                                    • SetEvent.KERNEL32(?,?,00000000,?,?,?,00D1C21E,00000000), ref: 00D1CFF2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: EventInternet$AvailableDataErrorFileLastQueryRead
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3191363074-0
                                                                                                                    APIs
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00D01915
                                                                                                                    • PostMessageW.USER32(00000001,00000201,00000001), ref: 00D019C1
                                                                                                                    • Sleep.KERNEL32(00000000,?,?,?), ref: 00D019C9
                                                                                                                    • PostMessageW.USER32(00000001,00000202,00000000), ref: 00D019DA
                                                                                                                    • Sleep.KERNEL32(00000000,?,?,?,?), ref: 00D019E2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: MessagePostSleep$RectWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3382505437-0
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(?,00001053,000000FF,?), ref: 00D35745
                                                                                                                    • SendMessageW.USER32(?,00001074,?,00000001), ref: 00D3579D
                                                                                                                    • _wcslen.LIBCMT ref: 00D357AF
                                                                                                                    • _wcslen.LIBCMT ref: 00D357BA
                                                                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00D35816
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 763830540-0
                                                                                                                    APIs
                                                                                                                    • IsWindow.USER32(00000000), ref: 00D20951
                                                                                                                    • GetForegroundWindow.USER32 ref: 00D20968
                                                                                                                    • GetDC.USER32(00000000), ref: 00D209A4
                                                                                                                    • GetPixel.GDI32(00000000,?,00000003), ref: 00D209B0
                                                                                                                    • ReleaseDC.USER32(00000000,00000003), ref: 00D209E8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ForegroundPixelRelease
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4156661090-0
                                                                                                                    APIs
                                                                                                                    • GetEnvironmentStringsW.KERNEL32 ref: 00CDCDC6
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00CDCDE9
                                                                                                                      • Part of subcall function 00CD3820: RtlAllocateHeap.NTDLL(00000000,?,00D71444,?,00CBFDF5,?,?,00CAA976,00000010,00D71440,00CA13FC,?,00CA13C6,?,00CA1129), ref: 00CD3852
                                                                                                                    • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 00CDCE0F
                                                                                                                    • _free.LIBCMT ref: 00CDCE22
                                                                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 00CDCE31
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 336800556-0
                                                                                                                    APIs
                                                                                                                    • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00CB9693
                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00CB96A2
                                                                                                                    • BeginPath.GDI32(?), ref: 00CB96B9
                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00CB96E2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ObjectSelect$BeginCreatePath
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3225163088-0
                                                                                                                    • Opcode ID: 73f19f14f871451f53f431c5b1c17d1c276cd8c4d4e085eb7cb7786820db93ae
                                                                                                                    • Instruction ID: cfdda9bf872d8f56d48dddc2aad32cc7bd35a49b97d94753b661a6ad366238c1
                                                                                                                    • Opcode Fuzzy Hash: 73f19f14f871451f53f431c5b1c17d1c276cd8c4d4e085eb7cb7786820db93ae
                                                                                                                    • Instruction Fuzzy Hash: F8217F35812305EBDB119F29DC197E97BB8FB10355F100316F628E62B0E3709996DFA0
                                                                                                                    APIs
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _memcmp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2931989736-0
                                                                                                                    • Opcode ID: 2bf01e8cb456f56bb2d309baee88e8ab706d38f0c82a9602ac630cdc19e414a6
                                                                                                                    • Instruction ID: e179099bd8a9f403cd3a0a1fd6f8d5bb254a7dae10daa45c573b58a424cb4738
                                                                                                                    • Opcode Fuzzy Hash: 2bf01e8cb456f56bb2d309baee88e8ab706d38f0c82a9602ac630cdc19e414a6
                                                                                                                    • Instruction Fuzzy Hash: 3101BE61641609BFD7189611EE81FBB735C9FA2358F1C4024FD0C5A1C5F760ED14A6B1
                                                                                                                    APIs
                                                                                                                    • GetLastError.KERNEL32(?,?,?,00CCF2DE,00CD3863,00D71444,?,00CBFDF5,?,?,00CAA976,00000010,00D71440,00CA13FC,?,00CA13C6), ref: 00CD2DFD
                                                                                                                    • _free.LIBCMT ref: 00CD2E32
                                                                                                                    • _free.LIBCMT ref: 00CD2E59
                                                                                                                    • SetLastError.KERNEL32(00000000,00CA1129), ref: 00CD2E66
                                                                                                                    • SetLastError.KERNEL32(00000000,00CA1129), ref: 00CD2E6F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$_free
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3170660625-0
                                                                                                                    • Opcode ID: f63c696287517817bcb34d6c6b4012c19a27fe690e4975b6f0bfe2d8620e7edb
                                                                                                                    • Instruction ID: ded48248167df5121d10be0891f46440f75f78f2abb7d452d11ea624c4c8fc7c
                                                                                                                    • Opcode Fuzzy Hash: f63c696287517817bcb34d6c6b4012c19a27fe690e4975b6f0bfe2d8620e7edb
                                                                                                                    • Instruction Fuzzy Hash: 2F01D1326057006B861227356C45D2B2759ABE13A3B24442BF775E2792EAA4CD016130
                                                                                                                    APIs
                                                                                                                    • CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?,?,?,00D0035E), ref: 00D0002B
                                                                                                                    • ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?,?), ref: 00D00046
                                                                                                                    • lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?,?), ref: 00D00054
                                                                                                                    • CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?), ref: 00D00064
                                                                                                                    • CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,00CFFF41,80070057,?,?), ref: 00D00070
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3897988419-0
                                                                                                                    • Opcode ID: 26c4818e630c48796a4255c4cca3c53834892f726200da86d06c77f836a21ab8
                                                                                                                    • Instruction ID: 9a704889ea81dc86bf5a909d37aca91db5250af712eb2cb972f2db9e6223a87a
                                                                                                                    • Opcode Fuzzy Hash: 26c4818e630c48796a4255c4cca3c53834892f726200da86d06c77f836a21ab8
                                                                                                                    • Instruction Fuzzy Hash: 2D018F76610304BFDB104F68DC08BAA7EADEB48792F145124F909E2250DB71DE408BB0
                                                                                                                    APIs
                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00D0E997
                                                                                                                    • QueryPerformanceFrequency.KERNEL32(?), ref: 00D0E9A5
                                                                                                                    • Sleep.KERNEL32(00000000), ref: 00D0E9AD
                                                                                                                    • QueryPerformanceCounter.KERNEL32(?), ref: 00D0E9B7
                                                                                                                    • Sleep.KERNEL32 ref: 00D0E9F3
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2833360925-0
                                                                                                                    • Opcode ID: 83933fe337fdb6cc1e847e0cdaf0cef872ac24e2632ab09394d2268226c0abd4
                                                                                                                    • Instruction ID: becd122e78c95907f2a6f665acbb3ddcacda4e49b3cedba092a2d2e3c5794744
                                                                                                                    • Opcode Fuzzy Hash: 83933fe337fdb6cc1e847e0cdaf0cef872ac24e2632ab09394d2268226c0abd4
                                                                                                                    • Instruction Fuzzy Hash: DA011731D01629DBCF00ABE6ED59BEDFB78FB09701F000956E946B2291CB7096549BB1
                                                                                                                    APIs
                                                                                                                    • GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 00D01114
                                                                                                                    • GetLastError.KERNEL32(?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D01120
                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D0112F
                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,00D00B9B,?,?,?), ref: 00D01136
                                                                                                                    • GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00D0114D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: HeapObjectSecurityUser$AllocErrorLastProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 842720411-0
                                                                                                                    • Opcode ID: a037454f72b31d6b2349edce8019a0f03e3b193a09ebdd1fcddee65763679665
                                                                                                                    • Instruction ID: d818a71aa53f9ed42daf077cdb7a2743b85444cc7cdc2adb76691de38fad9d7a
                                                                                                                    • Opcode Fuzzy Hash: a037454f72b31d6b2349edce8019a0f03e3b193a09ebdd1fcddee65763679665
                                                                                                                    • Instruction Fuzzy Hash: DC011979210315BFDB154FA5DC49A6A3B6EEF893A0B244419FA49E73A0DA31DC009B70
                                                                                                                    APIs
                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 00D00FCA
                                                                                                                    • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 00D00FD6
                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 00D00FE5
                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 00D00FEC
                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 00D01002
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 44706859-0
                                                                                                                    • Opcode ID: ae44524099765b2b52c5ddb3765836f9e758c572fcea9754191346a049409459
                                                                                                                    • Instruction ID: fde9e87755b6bec3d6e7c4f91bbadab9b2de530bd4a500df23392c733f4e48ca
                                                                                                                    • Opcode Fuzzy Hash: ae44524099765b2b52c5ddb3765836f9e758c572fcea9754191346a049409459
                                                                                                                    • Instruction Fuzzy Hash: AAF04939210302ABDB224FA49C4AF5A3BADEF89762F144414FA89E7391CA70DC508B70
                                                                                                                    APIs
                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00D0102A
                                                                                                                    • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00D01036
                                                                                                                    • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D01045
                                                                                                                    • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00D0104C
                                                                                                                    • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D01062
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 44706859-0
                                                                                                                    APIs
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00D1017D,?,00D132FC,?,00000001,00CE2592,?), ref: 00D10324
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00D1017D,?,00D132FC,?,00000001,00CE2592,?), ref: 00D10331
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00D1017D,?,00D132FC,?,00000001,00CE2592,?), ref: 00D1033E
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00D1017D,?,00D132FC,?,00000001,00CE2592,?), ref: 00D1034B
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00D1017D,?,00D132FC,?,00000001,00CE2592,?), ref: 00D10358
                                                                                                                    • CloseHandle.KERNEL32(?,?,?,?,00D1017D,?,00D132FC,?,00000001,00CE2592,?), ref: 00D10365
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseHandle
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2962429428-0
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 00CDD752
                                                                                                                      • Part of subcall function 00CD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000), ref: 00CD29DE
                                                                                                                      • Part of subcall function 00CD29C8: GetLastError.KERNEL32(00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000,00000000), ref: 00CD29F0
                                                                                                                    • _free.LIBCMT ref: 00CDD764
                                                                                                                    • _free.LIBCMT ref: 00CDD776
                                                                                                                    • _free.LIBCMT ref: 00CDD788
                                                                                                                    • _free.LIBCMT ref: 00CDD79A
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 776569668-0
                                                                                                                    APIs
                                                                                                                    • GetDlgItem.USER32(?,000003E9), ref: 00D05C58
                                                                                                                    • GetWindowTextW.USER32(00000000,?,00000100), ref: 00D05C6F
                                                                                                                    • MessageBeep.USER32(00000000), ref: 00D05C87
                                                                                                                    • KillTimer.USER32(?,0000040A), ref: 00D05CA3
                                                                                                                    • EndDialog.USER32(?,00000001), ref: 00D05CBD
                                                                                                                    Similarity
                                                                                                                    • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3741023627-0
                                                                                                                    APIs
                                                                                                                    • _free.LIBCMT ref: 00CD22BE
                                                                                                                      • Part of subcall function 00CD29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000), ref: 00CD29DE
                                                                                                                      • Part of subcall function 00CD29C8: GetLastError.KERNEL32(00000000,?,00CDD7D1,00000000,00000000,00000000,00000000,?,00CDD7F8,00000000,00000007,00000000,?,00CDDBF5,00000000,00000000), ref: 00CD29F0
                                                                                                                    • _free.LIBCMT ref: 00CD22D0
                                                                                                                    • _free.LIBCMT ref: 00CD22E3
                                                                                                                    • _free.LIBCMT ref: 00CD22F4
                                                                                                                    • _free.LIBCMT ref: 00CD2305
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$ErrorFreeHeapLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 776569668-0
                                                                                                                    APIs
                                                                                                                    • EndPath.GDI32(?), ref: 00CB95D4
                                                                                                                    • StrokeAndFillPath.GDI32(?,?,00CF71F7,00000000,?,?,?), ref: 00CB95F0
                                                                                                                    • SelectObject.GDI32(?,00000000), ref: 00CB9603
                                                                                                                    • DeleteObject.GDI32 ref: 00CB9616
                                                                                                                    • StrokePath.GDI32(?), ref: 00CB9631
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2625713937-0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: __freea$_free
                                                                                                                    • String ID: a/p$am/pm
                                                                                                                    • API String ID: 3432400110-3206640213
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CC0242: EnterCriticalSection.KERNEL32(00D7070C,00D71884,?,?,00CB198B,00D72518,?,?,?,00CA12F9,00000000), ref: 00CC024D
                                                                                                                      • Part of subcall function 00CC0242: LeaveCriticalSection.KERNEL32(00D7070C,?,00CB198B,00D72518,?,?,?,00CA12F9,00000000), ref: 00CC028A
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                      • Part of subcall function 00CC00A3: __onexit.LIBCMT ref: 00CC00A9
                                                                                                                    • __Init_thread_footer.LIBCMT ref: 00D27BFB
                                                                                                                      • Part of subcall function 00CC01F8: EnterCriticalSection.KERNEL32(00D7070C,?,?,00CB8747,00D72514), ref: 00CC0202
                                                                                                                      • Part of subcall function 00CC01F8: LeaveCriticalSection.KERNEL32(00D7070C,?,00CB8747,00D72514), ref: 00CC0235
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                    • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                                    • API String ID: 535116098-3733170431
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00D0B403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00D021D0,?,?,00000034,00000800,?,00000034), ref: 00D0B42D
                                                                                                                    • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 00D02760
                                                                                                                      • Part of subcall function 00D0B3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00D021FF,?,?,00000800,?,00001073,00000000,?,?), ref: 00D0B3F8
                                                                                                                      • Part of subcall function 00D0B32A: GetWindowThreadProcessId.USER32(?,?), ref: 00D0B355
                                                                                                                      • Part of subcall function 00D0B32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,00D02194,00000034,?,?,00001004,00000000,00000000), ref: 00D0B365
                                                                                                                      • Part of subcall function 00D0B32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,00D02194,00000034,?,?,00001004,00000000,00000000), ref: 00D0B37B
                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00D027CD
                                                                                                                    • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 00D0281A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                    • String ID: @
                                                                                                                    • API String ID: 4150878124-2766056989
                                                                                                                    • Opcode ID: d05331d6d84fbf2828d69e3ecbbbad90db1bca363f615f2fb35bc90643789fb0
                                                                                                                    • Instruction ID: 3d3cd7f8284dbcbd068e7c523539ec90ffeffa25299d3d829cda246412052f4d
                                                                                                                    • Opcode Fuzzy Hash: d05331d6d84fbf2828d69e3ecbbbad90db1bca363f615f2fb35bc90643789fb0
                                                                                                                    • Instruction Fuzzy Hash: EF412B76901218AFDB10DFA4CD86BEEBBB8EF09310F148055FA59B7191DB706E45CBA0
                                                                                                                    APIs
                                                                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\file.exe,00000104), ref: 00CD1769
                                                                                                                    • _free.LIBCMT ref: 00CD1834
                                                                                                                    • _free.LIBCMT ref: 00CD183E
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _free$FileModuleName
                                                                                                                    • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                    • API String ID: 2506810119-517116171
                                                                                                                    • Opcode ID: 79e7b51217b91eb6b308d6476d73db104f33e570ba66e5b4c7b1adb8dbb2761c
                                                                                                                    • Instruction ID: 795ef62424904a9a78c24a1808206e1b89789b377a4b39208e965ba09969e18d
                                                                                                                    • Opcode Fuzzy Hash: 79e7b51217b91eb6b308d6476d73db104f33e570ba66e5b4c7b1adb8dbb2761c
                                                                                                                    • Instruction Fuzzy Hash: 75319175A00208FBDB21DF99DC85D9EBBFCEB85310B19416BFA04D7351E6708A40EBA0
                                                                                                                    APIs
                                                                                                                    • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 00D0C306
                                                                                                                    • DeleteMenu.USER32(?,00000007,00000000), ref: 00D0C34C
                                                                                                                    • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00D71990,012D5798), ref: 00D0C395
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Menu$Delete$InfoItem
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 135850232-4108050209
                                                                                                                    • Opcode ID: 383f56fb9084f34b178d9727c78668b35165a10272b85b5c4340c7e948dcc667
                                                                                                                    • Instruction ID: bcd42ea82c81dbf48de4a2d9a4981f75b107712143ad6570c6f2e0a6f964a3a2
                                                                                                                    • Opcode Fuzzy Hash: 383f56fb9084f34b178d9727c78668b35165a10272b85b5c4340c7e948dcc667
                                                                                                                    • Instruction Fuzzy Hash: 33417C312243029FD720DF25D885B5ABBA8EB85320F149B1EF9A9972D1D770A904CB72
                                                                                                                    APIs
                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,00D3CC08,00000000,?,?,?,?), ref: 00D344AA
                                                                                                                    • GetWindowLongW.USER32 ref: 00D344C7
                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00D344D7
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Long
                                                                                                                    • String ID: SysTreeView32
                                                                                                                    • API String ID: 847901565-1698111956
                                                                                                                    • Opcode ID: c33f98cb34699359307810443f50006ba5c51560a415573d1f0e0fcebf011abb
                                                                                                                    • Instruction ID: 7d897c9bad34e6184374ab0ef1a3fe41ec684f272468f89a95cf6722defd6a9d
                                                                                                                    • Opcode Fuzzy Hash: c33f98cb34699359307810443f50006ba5c51560a415573d1f0e0fcebf011abb
                                                                                                                    • Instruction Fuzzy Hash: B4318D32210205AFDB209F38DC45BEA77A9EB09334F244725F975E22E0D7B4EC509760
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00D2335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,00D23077,?,?), ref: 00D23378
                                                                                                                    • inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 00D2307A
                                                                                                                    • _wcslen.LIBCMT ref: 00D2309B
                                                                                                                    • htons.WSOCK32(00000000,?,?,00000000), ref: 00D23106
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide_wcslenhtonsinet_addr
                                                                                                                    • String ID: 255.255.255.255
                                                                                                                    • API String ID: 946324512-2422070025
                                                                                                                    • Opcode ID: e90d6dac6ff85d59865307209324a80b398a4dbc1f8b9fa7d4fc23ccb746e82a
                                                                                                                    • Instruction ID: 6c22941f4c53e3917ae4582ae9e5b9ebf12fbcf77a5c550a37a5a45dac0ffdf3
                                                                                                                    • Opcode Fuzzy Hash: e90d6dac6ff85d59865307209324a80b398a4dbc1f8b9fa7d4fc23ccb746e82a
                                                                                                                    • Instruction Fuzzy Hash: 2231B0352043259FCB10CF68D586EAA77E0EF6531CF288059E9158B392DB7AEE41C770
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00D33F40
                                                                                                                    • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00D33F54
                                                                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00D33F78
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$Window
                                                                                                                    • String ID: SysMonthCal32
                                                                                                                    • API String ID: 2326795674-1439706946
                                                                                                                    • Opcode ID: 0fc154524f66b534e24a00a89e50665dc677e2ae2a76bb3037c7dfe4658fc770
                                                                                                                    • Instruction ID: a96daaacaa707d11be42d1e548bccd56ec7bbf03f3fe50b1e0354a3528e34db1
                                                                                                                    • Opcode Fuzzy Hash: 0fc154524f66b534e24a00a89e50665dc677e2ae2a76bb3037c7dfe4658fc770
                                                                                                                    • Instruction Fuzzy Hash: E021BC32610219BFDF218F50CC46FEA3B79EF48724F150214FA19BB1D0D6B1A8908BA0
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00D34705
                                                                                                                    • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00D34713
                                                                                                                    • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 00D3471A
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$DestroyWindow
                                                                                                                    • String ID: msctls_updown32
                                                                                                                    • API String ID: 4014797782-2298589950
                                                                                                                    • Opcode ID: 5cfab165068162f9da1252805a6d1f49e4a980d87e7719c24cecd47f345d4aba
                                                                                                                    • Instruction ID: 68c7175d087163f3e3ee934903958c3aeb4c0006d300a7af2a5220361dd9ff9f
                                                                                                                    • Opcode Fuzzy Hash: 5cfab165068162f9da1252805a6d1f49e4a980d87e7719c24cecd47f345d4aba
                                                                                                                    • Instruction Fuzzy Hash: 42214AB5600209AFDB10DF68DC81DA637ADEB4A3A8B040159FA049B3A1DB74FC51DAB0
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                    • API String ID: 176396367-2734436370
                                                                                                                    • Opcode ID: d855e2389231e8a7184849888b3c3fbbb633dec78d9cf51abdea7629f1d4315a
                                                                                                                    • Instruction ID: efc0c6f8d5a331405ccd8eb3db2fd5c01b3bc3f22ee815dcf89639e3397323b5
                                                                                                                    • Opcode Fuzzy Hash: d855e2389231e8a7184849888b3c3fbbb633dec78d9cf51abdea7629f1d4315a
                                                                                                                    • Instruction Fuzzy Hash: D42138725045116AC331AB25DC26FB7F398AF51310F58402AF98D971C2EB52DD46D2B5
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00D33840
                                                                                                                    • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00D33850
                                                                                                                    • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00D33876
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend$MoveWindow
                                                                                                                    • String ID: Listbox
                                                                                                                    • API String ID: 3315199576-2633736733
                                                                                                                    • Opcode ID: aa2bcd428f0e09b98fc61f51b0811775a4aca8dcabc2a6ee6a4e43364c76f81f
                                                                                                                    • Instruction ID: 2df3893257a178b02770f687e22cc328790f7d71c2dc32b684669c55366504a2
                                                                                                                    • Opcode Fuzzy Hash: aa2bcd428f0e09b98fc61f51b0811775a4aca8dcabc2a6ee6a4e43364c76f81f
                                                                                                                    • Instruction Fuzzy Hash: 3A21A1B2610218BBEF218F54DC85FBB376EEF89764F158124F9449B190C671DC5287B0
                                                                                                                    APIs
                                                                                                                    • SetErrorMode.KERNEL32(00000001), ref: 00D14A08
                                                                                                                    • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 00D14A5C
                                                                                                                    • SetErrorMode.KERNEL32(00000000,?,?,00D3CC08), ref: 00D14AD0
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorMode$InformationVolume
                                                                                                                    • String ID: %lu
                                                                                                                    • API String ID: 2507767853-685833217
                                                                                                                    • Opcode ID: a4291e9e6e3452a3f806bc92a97ce2b2921400e30e11e4c0bc2f9534c255c5b4
                                                                                                                    • Instruction ID: 4b5fe2a7864eacd42fea3e8b48ad397b9840df6e7e2edb5a890128aa31e1dfa9
                                                                                                                    • Opcode Fuzzy Hash: a4291e9e6e3452a3f806bc92a97ce2b2921400e30e11e4c0bc2f9534c255c5b4
                                                                                                                    • Instruction Fuzzy Hash: 02317F75A00209AFD710DF54C885EAA7BF8EF05308F148095F909DB252DB71ED45DB71
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00D3424F
                                                                                                                    • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00D34264
                                                                                                                    • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00D34271
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend
                                                                                                                    • String ID: msctls_trackbar32
                                                                                                                    • API String ID: 3850602802-1010561917
                                                                                                                    • Opcode ID: 0ba0fb3e5e55bff6f6f3054ead82a39dca2a7a4d1cf352edc583666bc3351fec
                                                                                                                    • Instruction ID: 70eaf927afcb3a403a0765109d5c0ed4326c71dd97940b86b450c656e91a26de
                                                                                                                    • Opcode Fuzzy Hash: 0ba0fb3e5e55bff6f6f3054ead82a39dca2a7a4d1cf352edc583666bc3351fec
                                                                                                                    • Instruction Fuzzy Hash: 9711E031240308BFEF205E29CC06FAB3BACEF85B64F010224FA55E21A0D271E8519B34
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA6B57: _wcslen.LIBCMT ref: 00CA6B6A
                                                                                                                      • Part of subcall function 00D02DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00D02DC5
                                                                                                                      • Part of subcall function 00D02DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D02DD6
                                                                                                                      • Part of subcall function 00D02DA7: GetCurrentThreadId.KERNEL32 ref: 00D02DDD
                                                                                                                      • Part of subcall function 00D02DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00D02DE4
                                                                                                                    • GetFocus.USER32 ref: 00D02F78
                                                                                                                      • Part of subcall function 00D02DEE: GetParent.USER32(00000000), ref: 00D02DF9
                                                                                                                    • GetClassNameW.USER32(?,?,00000100), ref: 00D02FC3
                                                                                                                    • EnumChildWindows.USER32(?,00D0303B), ref: 00D02FEB
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
                                                                                                                    • String ID: %s%d
                                                                                                                    • API String ID: 1272988791-1110647743
                                                                                                                    • Opcode ID: 948b1408e5d8726e92d8dd3eeb3f0437d7339f86e1e20db71a56eaa136565823
                                                                                                                    • Instruction ID: d2f46afb90eb980229adb20b783d7b6831cda9279a0181405ba9cf8100b1f40d
                                                                                                                    • Opcode Fuzzy Hash: 948b1408e5d8726e92d8dd3eeb3f0437d7339f86e1e20db71a56eaa136565823
                                                                                                                    • Instruction Fuzzy Hash: CD11AF71700205ABCF15BF649C8AFEE776AEF84304F085075B90DAB292DE3099499B70
                                                                                                                    APIs
                                                                                                                    • GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00D358C1
                                                                                                                    • SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 00D358EE
                                                                                                                    • DrawMenuBar.USER32(?), ref: 00D358FD
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Menu$InfoItem$Draw
                                                                                                                    • String ID: 0
                                                                                                                    • API String ID: 3227129158-4108050209
                                                                                                                    • Opcode ID: 4b42755e3524b0b4375451d14f0af30d39474fa627ec69f613a2f654654b28cb
                                                                                                                    • Instruction ID: 1d6cca0e08f95b72883015f7fcda34752bb14af1448f56866782a6c3c957f93d
                                                                                                                    • Opcode Fuzzy Hash: 4b42755e3524b0b4375451d14f0af30d39474fa627ec69f613a2f654654b28cb
                                                                                                                    • Instruction Fuzzy Hash: 0D018031500258EFDB219F11EC44BEEBBB4FF45360F1480A9E849D6251DB308A94EF31
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID:
                                                                                                                    • API String ID:
                                                                                                                    • Opcode ID: 11cd7a6c7f012c589099e06b5273bc4845e715195d7697f7318f6d15ab68e4a3
                                                                                                                    • Instruction ID: 9de9c928f975dbb876698e99c807234a88c742e670fc9953d31a7e9871dba9fb
                                                                                                                    • Opcode Fuzzy Hash: 11cd7a6c7f012c589099e06b5273bc4845e715195d7697f7318f6d15ab68e4a3
                                                                                                                    • Instruction Fuzzy Hash: D5C12C75A0021AEFDB15CFA4C894BAEBBB5FF48704F148598E509EB291D731DE41CBA0
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: __alldvrm$_strrchr
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1036877536-0
                                                                                                                    • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                    • Instruction ID: f070da9b6c06490ec7bd9ded0a8e00e0c848c48fb16e2686bc654f989817c914
                                                                                                                    • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                    • Instruction Fuzzy Hash: 72A16871D003869FDB29CF58C8917AEBBE5EF61350F1841AFE7959B381C2349A81C751
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                    APIs
                                                                                                                    • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,00D3FC08,?), ref: 00D005F0
                                                                                                                    • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,00D3FC08,?), ref: 00D00608
                                                                                                                    • CLSIDFromProgID.OLE32(?,?,00000000,00D3CC40,000000FF,?,00000000,00000800,00000000,?,00D3FC08,?), ref: 00D0062D
                                                                                                                    • _memcmp.LIBVCRUNTIME ref: 00D0064E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: FromProg$FreeTask_memcmp
                                                                                                                    APIs
                                                                                                                    • CreateToolhelp32Snapshot.KERNEL32 ref: 00D2A6AC
                                                                                                                    • Process32FirstW.KERNEL32(00000000,?), ref: 00D2A6BA
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                    • Process32NextW.KERNEL32(00000000,?), ref: 00D2A79C
                                                                                                                    • CloseHandle.KERNEL32(00000000), ref: 00D2A7AB
                                                                                                                      • Part of subcall function 00CBCE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,00CE3303,?), ref: 00CBCE8A
                                                                                                                    Similarity
                                                                                                                    • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                    APIs
                                                                                                                    Similarity
                                                                                                                    • API ID: _free
                                                                                                                    APIs
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00D362E2
                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00D36315
                                                                                                                    • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00D36382
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ClientMoveRectScreen
                                                                                                                    APIs
                                                                                                                    • socket.WSOCK32(00000002,00000002,00000011), ref: 00D21AFD
                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00D21B0B
                                                                                                                    • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00D21B8A
                                                                                                                    • WSAGetLastError.WSOCK32 ref: 00D21B94
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorLast$socket
                                                                                                                    APIs
                                                                                                                    • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 00D15783
                                                                                                                    • GetLastError.KERNEL32(?,00000000), ref: 00D157A9
                                                                                                                    • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 00D157CE
                                                                                                                    • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 00D157FA
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                    APIs
                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00CC6D71,00000000,00000000,00CC82D9,?,00CC82D9,?,00000001,00CC6D71,8BE85006,00000001,00CC82D9,00CC82D9), ref: 00CDD910
                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00CDD999
                                                                                                                    • GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 00CDD9AB
                                                                                                                    • __freea.LIBCMT ref: 00CDD9B4
                                                                                                                      • Part of subcall function 00CD3820: RtlAllocateHeap.NTDLL(00000000,?,00D71444,?,00CBFDF5,?,?,00CAA976,00000010,00D71440,00CA13FC,?,00CA13C6,?,00CA1129), ref: 00CD3852
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide$AllocateHeapStringType__freea
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(?,00001024,00000000,?), ref: 00D35352
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00D35375
                                                                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00D35382
                                                                                                                    • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 00D353A8
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Similarity
                                                                                                                    • API ID: LongWindow$InvalidateMessageRectSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3340791633-0
                                                                                                                    APIs
                                                                                                                    • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 00D0ABF1
                                                                                                                    • SetKeyboardState.USER32(00000080,?,00008000), ref: 00D0AC0D
                                                                                                                    • PostMessageW.USER32(00000000,00000101,00000000), ref: 00D0AC74
                                                                                                                    • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 00D0ACC6
                                                                                                                    Similarity
                                                                                                                    • API ID: KeyboardState$InputMessagePostSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 432972143-0
                                                                                                                    APIs
                                                                                                                    • ClientToScreen.USER32(?,?), ref: 00D3769A
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00D37710
                                                                                                                    • PtInRect.USER32(?,?,00D38B89), ref: 00D37720
                                                                                                                    • MessageBeep.USER32(00000000), ref: 00D3778C
                                                                                                                    Similarity
                                                                                                                    • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1352109105-0
                                                                                                                    APIs
                                                                                                                    • GetForegroundWindow.USER32 ref: 00D316EB
                                                                                                                      • Part of subcall function 00D03A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 00D03A57
                                                                                                                      • Part of subcall function 00D03A3D: GetCurrentThreadId.KERNEL32 ref: 00D03A5E
                                                                                                                      • Part of subcall function 00D03A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,00D025B3), ref: 00D03A65
                                                                                                                    • GetCaretPos.USER32(?), ref: 00D316FF
                                                                                                                    • ClientToScreen.USER32(00000000,?), ref: 00D3174C
                                                                                                                    • GetForegroundWindow.USER32 ref: 00D31752
                                                                                                                    Similarity
                                                                                                                    • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2759813231-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA7620: _wcslen.LIBCMT ref: 00CA7625
                                                                                                                    • _wcslen.LIBCMT ref: 00D0DFCB
                                                                                                                    • _wcslen.LIBCMT ref: 00D0DFE2
                                                                                                                    • _wcslen.LIBCMT ref: 00D0E00D
                                                                                                                    • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 00D0E018
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$ExtentPoint32Text
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3763101759-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2
                                                                                                                    • GetCursorPos.USER32(?), ref: 00D39001
                                                                                                                    • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,00CF7711,?,?,?,?,?), ref: 00D39016
                                                                                                                    • GetCursorPos.USER32(?), ref: 00D3905E
                                                                                                                    • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,00CF7711,?,?,?), ref: 00D39094
                                                                                                                    Similarity
                                                                                                                    • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2864067406-0
                                                                                                                    APIs
                                                                                                                    • GetFileAttributesW.KERNEL32(?,00D3CB68), ref: 00D0D2FB
                                                                                                                    • GetLastError.KERNEL32 ref: 00D0D30A
                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00D0D319
                                                                                                                    • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,00D3CB68), ref: 00D0D376
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2267087916-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00D01014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00D0102A
                                                                                                                      • Part of subcall function 00D01014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 00D01036
                                                                                                                      • Part of subcall function 00D01014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D01045
                                                                                                                      • Part of subcall function 00D01014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00D0104C
                                                                                                                      • Part of subcall function 00D01014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00D01062
                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 00D015BE
                                                                                                                    • _memcmp.LIBVCRUNTIME ref: 00D015E1
                                                                                                                    • GetProcessHeap.KERNEL32(00000000,00000000), ref: 00D01617
                                                                                                                    • HeapFree.KERNEL32(00000000), ref: 00D0161E
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1592001646-0
                                                                                                                    APIs
                                                                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 00D3280A
                                                                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00D32824
                                                                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00D32832
                                                                                                                    • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00D32840
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Long$AttributesLayered
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2169480361-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00D08D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,00D0790A,?,000000FF,?,00D08754,00000000,?,0000001C,?,?), ref: 00D08D8C
                                                                                                                      • Part of subcall function 00D08D7D: lstrcpyW.KERNEL32(00000000,?), ref: 00D08DB2
                                                                                                                      • Part of subcall function 00D08D7D: lstrcmpiW.KERNEL32(00000000,?,00D0790A,?,000000FF,?,00D08754,00000000,?,0000001C,?,?), ref: 00D08DE3
                                                                                                                    • lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,00D08754,00000000,?,0000001C,?,?,00000000), ref: 00D07923
                                                                                                                    • lstrcpyW.KERNEL32(00000000,?), ref: 00D07949
                                                                                                                    • lstrcmpiW.KERNEL32(00000002,cdecl,?,00D08754,00000000,?,0000001C,?,?,00000000), ref: 00D07984
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: lstrcmpilstrcpylstrlen
                                                                                                                    • String ID: cdecl
                                                                                                                    • API String ID: 4031866154-3896280584
                                                                                                                    APIs
                                                                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00D37D0B
                                                                                                                    • SetWindowLongW.USER32(00000000,000000F0,?), ref: 00D37D2A
                                                                                                                    • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00D37D42
                                                                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,00D1B7AD,00000000), ref: 00D37D6B
                                                                                                                      • Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$Long
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 847901565-0
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(?,00001060,?,00000004), ref: 00D356BB
                                                                                                                    • _wcslen.LIBCMT ref: 00D356CD
                                                                                                                    • _wcslen.LIBCMT ref: 00D356D8
                                                                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00D35816
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend_wcslen
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 455545452-0
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 00D01A47
                                                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00D01A59
                                                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00D01A6F
                                                                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00D01A8A
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3850602802-0
                                                                                                                    APIs
                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00D0E1FD
                                                                                                                    • MessageBoxW.USER32(?,?,?,?), ref: 00D0E230
                                                                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00D0E246
                                                                                                                    • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00D0E24D
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2880819207-0
                                                                                                                    APIs
                                                                                                                    • CreateThread.KERNEL32(00000000,?,00CCCFF9,00000000,00000004,00000000), ref: 00CCD218
                                                                                                                    • GetLastError.KERNEL32 ref: 00CCD224
                                                                                                                    • __dosmaperr.LIBCMT ref: 00CCD22B
                                                                                                                    • ResumeThread.KERNEL32(00000000), ref: 00CCD249
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$CreateErrorLastResume__dosmaperr
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 173952441-0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CB9BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00CB9BB2
                                                                                                                    • GetClientRect.USER32(?,?), ref: 00D39F31
                                                                                                                    • GetCursorPos.USER32(?), ref: 00D39F3B
                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00D39F46
                                                                                                                    • DefDlgProcW.USER32(?,00000020,?,00000000,?,?,?), ref: 00D39F7A
                                                                                                                    Similarity
                                                                                                                    • API ID: Client$CursorLongProcRectScreenWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4127811313-0
                                                                                                                    APIs
                                                                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00CA604C
                                                                                                                    • GetStockObject.GDI32(00000011), ref: 00CA6060
                                                                                                                    • SendMessageW.USER32(00000000,00000030,00000000), ref: 00CA606A
                                                                                                                    Similarity
                                                                                                                    • API ID: CreateMessageObjectSendStockWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3970641297-0
                                                                                                                    APIs
                                                                                                                    • ___BuildCatchObject.LIBVCRUNTIME ref: 00CC3B56
                                                                                                                      • Part of subcall function 00CC3AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00CC3AD2
                                                                                                                      • Part of subcall function 00CC3AA3: ___AdjustPointer.LIBCMT ref: 00CC3AED
                                                                                                                    • _UnwindNestedFrames.LIBCMT ref: 00CC3B6B
                                                                                                                    • __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00CC3B7C
                                                                                                                    • CallCatchBlock.LIBVCRUNTIME ref: 00CC3BA4
                                                                                                                    Similarity
                                                                                                                    • API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 737400349-0
                                                                                                                    APIs
                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,00CA13C6,00000000,00000000,?,00CD301A,00CA13C6,00000000,00000000,00000000,?,00CD328B,00000006,FlsSetValue), ref: 00CD30A5
                                                                                                                    • GetLastError.KERNEL32(?,00CD301A,00CA13C6,00000000,00000000,00000000,?,00CD328B,00000006,FlsSetValue,00D42290,FlsSetValue,00000000,00000364,?,00CD2E46), ref: 00CD30B1
                                                                                                                    • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,00CD301A,00CA13C6,00000000,00000000,00000000,?,00CD328B,00000006,FlsSetValue,00D42290,FlsSetValue,00000000), ref: 00CD30BF
                                                                                                                    Similarity
                                                                                                                    • API ID: LibraryLoad$ErrorLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3177248105-0
                                                                                                                    APIs
                                                                                                                    • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 00D0747F
                                                                                                                    • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 00D07497
                                                                                                                    • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 00D074AC
                                                                                                                    • RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 00D074CA
                                                                                                                    Similarity
                                                                                                                    • API ID: Type$Register$FileLoadModuleNameUser
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1352324309-0
                                                                                                                    APIs
                                                                                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00D0ACD3,?,00008000), ref: 00D0B0C4
                                                                                                                    • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00D0ACD3,?,00008000), ref: 00D0B0E9
                                                                                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,00D0ACD3,?,00008000), ref: 00D0B0F3
                                                                                                                    • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,00D0ACD3,?,00008000), ref: 00D0B126
                                                                                                                    Similarity
                                                                                                                    • API ID: CounterPerformanceQuerySleep
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2875609808-0
                                                                                                                    APIs
                                                                                                                    • GetWindowRect.USER32(?,?), ref: 00D37E33
                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00D37E4B
                                                                                                                    • ScreenToClient.USER32(?,?), ref: 00D37E6F
                                                                                                                    • InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 00D37E8A
                                                                                                                    Similarity
                                                                                                                    • API ID: ClientRectScreen$InvalidateWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 357397906-0
                                                                                                                    APIs
                                                                                                                    • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00D02DC5
                                                                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 00D02DD6
                                                                                                                    • GetCurrentThreadId.KERNEL32 ref: 00D02DDD
                                                                                                                    • AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 00D02DE4
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    • Associated: 00000000.00000002.2100846887.0000000000CA0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D3C000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100942157.0000000000D62000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100983802.0000000000D6C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                    • Associated: 00000000.00000002.2100999126.0000000000D74000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2710830443-0
                                                                                                                    • Opcode ID: 6d833fb474ba774ac9e27776e06e838e0ca1a882e620d7a819e1da7d95deaac0
                                                                                                                    • Instruction ID: 627a46026a9c8e80171f92ba161ec65b0e73296ffd2a0de8f05596f87dbf832e
                                                                                                                    • Opcode Fuzzy Hash: 6d833fb474ba774ac9e27776e06e838e0ca1a882e620d7a819e1da7d95deaac0
                                                                                                                    • Instruction Fuzzy Hash: 9CE092716123247BDB201B729C0EFFB3E6CEF42BA1F041015F109E11909AA4C840C7F0
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CB9639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00CB9693
                                                                                                                      • Part of subcall function 00CB9639: SelectObject.GDI32(?,00000000), ref: 00CB96A2
                                                                                                                      • Part of subcall function 00CB9639: BeginPath.GDI32(?), ref: 00CB96B9
                                                                                                                      • Part of subcall function 00CB9639: SelectObject.GDI32(?,00000000), ref: 00CB96E2
                                                                                                                    • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00D38887
                                                                                                                    • LineTo.GDI32(?,?,?), ref: 00D38894
                                                                                                                    • EndPath.GDI32(?), ref: 00D388A4
                                                                                                                    • StrokePath.GDI32(?), ref: 00D388B2
                                                                                                                    Similarity
                                                                                                                    • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1539411459-0
                                                                                                                    • Opcode ID: cdbd167efcdfef795879ff015df212bfc92b56f8dbf1eac3cf00909374924c55
                                                                                                                    • Instruction ID: 4229e7b4008b76d762b654967f62d21e5ee42b8a24c6416ec23341f02751d7b2
                                                                                                                    • Opcode Fuzzy Hash: cdbd167efcdfef795879ff015df212bfc92b56f8dbf1eac3cf00909374924c55
                                                                                                                    • Instruction Fuzzy Hash: A4F03A36055758BADB125F98AC09FCA3B69AF06310F088100FB12B52E2C7B55551DFF5
                                                                                                                    APIs
                                                                                                                    • GetSysColor.USER32(00000008), ref: 00CB98CC
                                                                                                                    • SetTextColor.GDI32(?,?), ref: 00CB98D6
                                                                                                                    • SetBkMode.GDI32(?,00000001), ref: 00CB98E9
                                                                                                                    • GetStockObject.GDI32(00000005), ref: 00CB98F1
                                                                                                                    Similarity
                                                                                                                    • API ID: Color$ModeObjectStockText
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 4037423528-0
                                                                                                                    • Opcode ID: 99115a795775c9fc74cfa0b62cf9a11f312b87d53dee56a339c08dfc1fb770a0
                                                                                                                    • Instruction ID: 51f3b0ed170682a5fe63536b5c9666f338cb21fd7fac9fe836569c064d4e7372
                                                                                                                    • Opcode Fuzzy Hash: 99115a795775c9fc74cfa0b62cf9a11f312b87d53dee56a339c08dfc1fb770a0
                                                                                                                    • Instruction Fuzzy Hash: A6E06531254744AADB215B74EC09BE83F10EB11375F049319F7F9A41E1C3724640DB21
                                                                                                                    APIs
                                                                                                                    • GetCurrentThread.KERNEL32 ref: 00D01634
                                                                                                                    • OpenThreadToken.ADVAPI32(00000000,?,?,?,00D011D9), ref: 00D0163B
                                                                                                                    • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,00D011D9), ref: 00D01648
                                                                                                                    • OpenProcessToken.ADVAPI32(00000000,?,?,?,00D011D9), ref: 00D0164F
                                                                                                                    Similarity
                                                                                                                    • API ID: CurrentOpenProcessThreadToken
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 3974789173-0
                                                                                                                    • Opcode ID: 0b7e5ab564a8984e0351e3a482787ed0442bd6bacfc226fb8971a64c416e7bb9
                                                                                                                    • Instruction ID: 7b8fc1c1c8602545a25564c9920689b00ca609e522f88515d01a987679d71fa4
                                                                                                                    • Opcode Fuzzy Hash: 0b7e5ab564a8984e0351e3a482787ed0442bd6bacfc226fb8971a64c416e7bb9
                                                                                                                    • Instruction Fuzzy Hash: B8E08C36612311EBD7301FA0AE0DB873B7CAF44792F188808F249E9080E7348444CB74
                                                                                                                    APIs
                                                                                                                    • GetDesktopWindow.USER32 ref: 00CFD858
                                                                                                                    • GetDC.USER32(00000000), ref: 00CFD862
                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00CFD882
                                                                                                                    • ReleaseDC.USER32(?), ref: 00CFD8A3
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2889604237-0
                                                                                                                    • Opcode ID: 0ad12e34c14c58922ae02c7b970ea77c06a5b2da40cb010ff55343ace5f4b10a
                                                                                                                    • Instruction ID: 277a280f43b3b21ebd874f32cbeb362800718645effb782d4908eeeadf373eea
                                                                                                                    • Opcode Fuzzy Hash: 0ad12e34c14c58922ae02c7b970ea77c06a5b2da40cb010ff55343ace5f4b10a
                                                                                                                    • Instruction Fuzzy Hash: DCE01AB1810305DFCB41AFA1D84D66DBBB2FB08310F109009F846F7360D7388901AF60
                                                                                                                    APIs
                                                                                                                    • GetDesktopWindow.USER32 ref: 00CFD86C
                                                                                                                    • GetDC.USER32(00000000), ref: 00CFD876
                                                                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00CFD882
                                                                                                                    • ReleaseDC.USER32(?), ref: 00CFD8A3
                                                                                                                    Similarity
                                                                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 2889604237-0
                                                                                                                    • Opcode ID: 3ae09b8265559444941ff7070d662719112ada7c6980c8599a70e348aeedcf05
                                                                                                                    • Instruction ID: 0d34a8d7be79c6598d4450e52170f660835ba03f1741a622ab10595385112e69
                                                                                                                    • Opcode Fuzzy Hash: 3ae09b8265559444941ff7070d662719112ada7c6980c8599a70e348aeedcf05
                                                                                                                    • Instruction Fuzzy Hash: 45E012B1810304EFCB40AFA0D84D66DBBB1BB08310F10A008F84AF7360DB389901AF60
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA7620: _wcslen.LIBCMT ref: 00CA7625
                                                                                                                    • WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 00D14ED4
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Connection_wcslen
                                                                                                                    • String ID: *$LPT
                                                                                                                    • API String ID: 1725874428-3443410124
                                                                                                                    • Opcode ID: 80cf84b03bd4359fc356cd3df29daf184135e908ba896993e94d04022de77157
                                                                                                                    • Instruction ID: d23c2c9ecd1ef3002fc0483317c62d0cf95c1b77b26bf644f0360bd7d42d0d17
                                                                                                                    • Opcode Fuzzy Hash: 80cf84b03bd4359fc356cd3df29daf184135e908ba896993e94d04022de77157
                                                                                                                    • Instruction Fuzzy Hash: 63915175A00205AFCB14DF58D484EEABBF1BF45308F198099E4459F352DB35ED86CB60
                                                                                                                    APIs
                                                                                                                    • __startOneArgErrorHandling.LIBCMT ref: 00CCE30D
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ErrorHandling__start
                                                                                                                    • String ID: pow
                                                                                                                    • API String ID: 3213639722-2276729525
                                                                                                                    • Opcode ID: 043009a4813db92cc64d7793e719c56cb527b1ae7c1005633e97801a9ecf295d
                                                                                                                    • Instruction ID: 924bdefaf34d657871346e78faa073d176ff832918a35d0f89ffc17dd8b69e08
                                                                                                                    • Opcode Fuzzy Hash: 043009a4813db92cc64d7793e719c56cb527b1ae7c1005633e97801a9ecf295d
                                                                                                                    • Instruction Fuzzy Hash: 7A515C61A0C3029ACB157B14C901B7A3BA4AF42740F744E9EF5E5823F9FB348D95AA46
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID:
                                                                                                                    • String ID: #
                                                                                                                    APIs
                                                                                                                    • Sleep.KERNEL32(00000000), ref: 00CBF2A2
                                                                                                                    • GlobalMemoryStatusEx.KERNEL32(?), ref: 00CBF2BB
                                                                                                                    Similarity
                                                                                                                    • API ID: GlobalMemorySleepStatus
                                                                                                                    • String ID: @
                                                                                                                    APIs
                                                                                                                    • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 00D257E0
                                                                                                                    • _wcslen.LIBCMT ref: 00D257EC
                                                                                                                    Similarity
                                                                                                                    • API ID: BuffCharUpper_wcslen
                                                                                                                    • String ID: CALLARGARRAY
                                                                                                                    APIs
                                                                                                                    • _wcslen.LIBCMT ref: 00D1D130
                                                                                                                    • InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 00D1D13A
                                                                                                                    Similarity
                                                                                                                    • API ID: CrackInternet_wcslen
                                                                                                                    • String ID: |
                                                                                                                    APIs
                                                                                                                    • DestroyWindow.USER32(?,?,?,?), ref: 00D33621
                                                                                                                    • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 00D3365C
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$DestroyMove
                                                                                                                    • String ID: static
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 00D3461F
                                                                                                                    • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00D34634
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend
                                                                                                                    • String ID: '
                                                                                                                    APIs
                                                                                                                    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 00D3327C
                                                                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00D33287
                                                                                                                    Similarity
                                                                                                                    • API ID: MessageSend
                                                                                                                    • String ID: Combobox
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 00CA604C
                                                                                                                      • Part of subcall function 00CA600E: GetStockObject.GDI32(00000011), ref: 00CA6060
                                                                                                                      • Part of subcall function 00CA600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 00CA606A
                                                                                                                    • GetWindowRect.USER32(00000000,?), ref: 00D3377A
                                                                                                                    • GetSysColor.USER32(00000012), ref: 00D33794
                                                                                                                    Similarity
                                                                                                                    • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                    • String ID: static
                                                                                                                    APIs
                                                                                                                    • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 00D1CD7D
                                                                                                                    • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00D1CDA6
                                                                                                                    Similarity
                                                                                                                    • API ID: Internet$OpenOption
                                                                                                                    • String ID: <local>
                                                                                                                    • API String ID: 942729171-4266983199
                                                                                                                    APIs
                                                                                                                    • GetWindowTextLengthW.USER32(00000000), ref: 00D334AB
                                                                                                                    • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00D334BA
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: LengthMessageSendTextWindow
                                                                                                                    • String ID: edit
                                                                                                                    • API String ID: 2978978980-2167791130
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                    • CharUpperBuffW.USER32(?,?,?), ref: 00D06CB6
                                                                                                                    • _wcslen.LIBCMT ref: 00D06CC2
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen$BuffCharUpper
                                                                                                                    • String ID: STOP
                                                                                                                    • API String ID: 1256254125-2411985666
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                      • Part of subcall function 00D03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D03CCA
                                                                                                                    • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00D01D4C
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 624084870-1403004172
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                      • Part of subcall function 00D03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D03CCA
                                                                                                                    • SendMessageW.USER32(?,00000180,00000000,?), ref: 00D01C46
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 624084870-1403004172
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                      • Part of subcall function 00D03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D03CCA
                                                                                                                    • SendMessageW.USER32(?,00000182,?,00000000), ref: 00D01CC8
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 624084870-1403004172
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CA9CB3: _wcslen.LIBCMT ref: 00CA9CBD
                                                                                                                      • Part of subcall function 00D03CA7: GetClassNameW.USER32(?,?,000000FF), ref: 00D03CCA
                                                                                                                    • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 00D01DD3
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: ClassMessageNameSend_wcslen
                                                                                                                    • String ID: ComboBox$ListBox
                                                                                                                    • API String ID: 624084870-1403004172
                                                                                                                    APIs
                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00CC0668
                                                                                                                      • Part of subcall function 00CC32A4: RaiseException.KERNEL32(?,?,?,00CC068A,?,00D71444,?,?,?,?,?,?,00CC068A,00CA1129,00D68738,00CA1129), ref: 00CC3304
                                                                                                                    • __CxxThrowException@8.LIBVCRUNTIME ref: 00CC0685
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                    • String ID: Unknown exception
                                                                                                                    • API String ID: 3476068407-410509341
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Similarity
                                                                                                                    • API ID: _wcslen
                                                                                                                    • String ID: 3, 3, 16, 1
                                                                                                                    • API String ID: 176396367-3042988571
                                                                                                                    • Opcode ID: 9919a41b3de19afba31e62a804d2710c24c17259c8915673f3ca82edc1bbf1d8
                                                                                                                    • Instruction ID: 1a047bf6fb8894682a43e2d390f5201abb051282355e0c97b9187f84e8f15203
                                                                                                                    • Opcode Fuzzy Hash: 9919a41b3de19afba31e62a804d2710c24c17259c8915673f3ca82edc1bbf1d8
                                                                                                                    • Instruction Fuzzy Hash: F5E02B026042301092353279FCC1EBF568DCFD6754714182FF981C2266EAA4CD93A3B0
                                                                                                                    APIs
                                                                                                                    • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00D00B23
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Message
                                                                                                                    • String ID: AutoIt$Error allocating memory.
                                                                                                                    • API String ID: 2030045667-4017498283
                                                                                                                    • Opcode ID: c2d31c6da8a035a413b36fe0d63a66f1ffe54b5c46105638840abdfbfabfc8e7
                                                                                                                    • Instruction ID: 5cebbeda0eefabdb72e7b50456d4ea0c2d1b5d535933b810f8b6b6b2dbdb3992
                                                                                                                    • Opcode Fuzzy Hash: c2d31c6da8a035a413b36fe0d63a66f1ffe54b5c46105638840abdfbfabfc8e7
                                                                                                                    • Instruction Fuzzy Hash: 53E0DF322943183AD2143794BC03FC97A848F05B61F10042EFB98A56C38AE264902BB9
                                                                                                                    APIs
                                                                                                                      • Part of subcall function 00CBF7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00CC0D71,?,?,?,00CA100A), ref: 00CBF7CE
                                                                                                                    • IsDebuggerPresent.KERNEL32(?,?,?,00CA100A), ref: 00CC0D75
                                                                                                                    • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,00CA100A), ref: 00CC0D84
                                                                                                                    Strings
                                                                                                                    • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00CC0D7F
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
                                                                                                                    • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                    • API String ID: 55579361-631824599
                                                                                                                    • Opcode ID: fd52611ed9ffd2189174ac1855d200638a2efc8b035c7b9021c1e9738d2a91cd
                                                                                                                    • Instruction ID: 6469c54dd53a937c9d3a5914ee781518d5cf5d5ffaa3fe8551d0e49d3cf2cec4
                                                                                                                    • Opcode Fuzzy Hash: fd52611ed9ffd2189174ac1855d200638a2efc8b035c7b9021c1e9738d2a91cd
                                                                                                                    • Instruction Fuzzy Hash: 00E06D742007118BD3209FB8D8087427BE0AB00744F104A6DE886D6751DBB4E4848BA1
                                                                                                                    APIs
                                                                                                                    • GetTempPathW.KERNEL32(00000104,?,00000001), ref: 00D1302F
                                                                                                                    • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 00D13044
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: Temp$FileNamePath
                                                                                                                    • String ID: aut
                                                                                                                    • API String ID: 3285503233-3010740371
                                                                                                                    • Opcode ID: cdea82cefd5bbaeecf39b68d0c2851d9d6ae26db6997c9ac8ab201129811d637
                                                                                                                    • Instruction ID: e637c6d61a73a2ba9effc98ebd82e63ab9f1a8bf225b0146c120a43be6eda844
                                                                                                                    • Opcode Fuzzy Hash: cdea82cefd5bbaeecf39b68d0c2851d9d6ae26db6997c9ac8ab201129811d637
                                                                                                                    • Instruction Fuzzy Hash: 9BD05E765003286BDA20A7A4AC0EFCB3A6CDB05750F0002A1BA55E2191DAB0D984CBE4
                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: LocalTime
                                                                                                                    • String ID: %.3d$X64
                                                                                                                    • API String ID: 481472006-1077770165
                                                                                                                    • Opcode ID: 47566c175de3756d3829ac0cce003d28584e62ea2f8d81dbab2da113b2cfa1d0
                                                                                                                    • Instruction ID: b5832b0183d19afbb4bbcf4772c6bc3bc00edb8d8e6f7df8de5274ede666ada4
                                                                                                                    • Opcode Fuzzy Hash: 47566c175de3756d3829ac0cce003d28584e62ea2f8d81dbab2da113b2cfa1d0
                                                                                                                    • Instruction Fuzzy Hash: 80D012A180810CEACBD097D2DC458FAB37DAB18301F508452FA07E1140E624C90867A3
                                                                                                                    APIs
                                                                                                                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00D3236C
                                                                                                                    • PostMessageW.USER32(00000000), ref: 00D32373
                                                                                                                      • Part of subcall function 00D0E97B: Sleep.KERNEL32 ref: 00D0E9F3
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FindMessagePostSleepWindow
                                                                                                                    • String ID: Shell_TrayWnd
                                                                                                                    • API String ID: 529655941-2988720461
                                                                                                                    • Opcode ID: 8fed50e796ee3a5ae519efbd102c6e9fd11a5d23cb9fc7a52532c72748717051
                                                                                                                    • Instruction ID: 400ecca2a56c477a1bdb346ccf986838beb86c932390a8d06c149f2e48b50d13
                                                                                                                    • Opcode Fuzzy Hash: 8fed50e796ee3a5ae519efbd102c6e9fd11a5d23cb9fc7a52532c72748717051
                                                                                                                    • Instruction Fuzzy Hash: F4D0C9323913107BE664A770AC0FFC676149B05B10F1059167645FA2E0C9A0A8058B74
                                                                                                                    APIs
                                                                                                                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00D3232C
                                                                                                                    • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00D3233F
                                                                                                                      • Part of subcall function 00D0E97B: Sleep.KERNEL32 ref: 00D0E9F3
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: FindMessagePostSleepWindow
                                                                                                                    • String ID: Shell_TrayWnd
                                                                                                                    • API String ID: 529655941-2988720461
                                                                                                                    • Opcode ID: 073d4945b70a41aa7da866c418609e28697394de21e4e3e277e5eb463dab5db7
                                                                                                                    • Instruction ID: c738f89cd80bfd3dc83ef20b62d93f8361cac4145089b47b2c57e12c84f36fd6
                                                                                                                    • Opcode Fuzzy Hash: 073d4945b70a41aa7da866c418609e28697394de21e4e3e277e5eb463dab5db7
                                                                                                                    • Instruction Fuzzy Hash: 41D012363A4310BBE664B770EC0FFC67A149B00B10F1059167749FA2E0C9F0A805CB74
                                                                                                                    APIs
                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 00CDBE93
                                                                                                                    • GetLastError.KERNEL32 ref: 00CDBEA1
                                                                                                                    • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 00CDBEFC
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000000.00000002.2100885392.0000000000CA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00CA0000, based on PE: true
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_0_2_ca0000_file.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                    • String ID:
                                                                                                                    • API String ID: 1717984340-0
                                                                                                                    • Opcode ID: 3d5b9a02d78cb0b0d1397a393c120dd168a3abd433f95353094fa9dffeb7c23f
                                                                                                                    • Instruction ID: 1f89d2de916a46d38d4810aa65b634c1e48f9b8bd1c2cfad081ef6b18197f507
                                                                                                                    • Opcode Fuzzy Hash: 3d5b9a02d78cb0b0d1397a393c120dd168a3abd433f95353094fa9dffeb7c23f
                                                                                                                    • Instruction Fuzzy Hash: 6E41B539604346EFCF21CFA5CD54BBA7BA5AF41310F16416AFA69973A1DB308E01DB60

                                                                                                                    Execution Graph

                                                                                                                    Execution Coverage:0.4%
                                                                                                                    Dynamic/Decrypted Code Coverage:0%
                                                                                                                    Signature Coverage:100%
                                                                                                                    Total number of Nodes:6
                                                                                                                    Total number of Limit Nodes:0
                                                                                                                    execution_graph 5003 25f2e4321f2 5004 25f2e432249 NtQuerySystemInformation 5003->5004 5005 25f2e4305c4 5003->5005 5004->5005 5000 25f2e4390f7 5001 25f2e439107 NtQuerySystemInformation 5000->5001 5002 25f2e4390a4 5001->5002

                                                                                                                    Callgraph

                                                                                                                    APIs
                                                                                                                    Strings
                                                                                                                    Memory Dump Source
                                                                                                                    • Source File: 00000010.00000002.3366462278.0000025F2E430000.00000020.00000001.00020000.00000000.sdmp, Offset: 0000025F2E430000, based on PE: false
                                                                                                                    Joe Sandbox IDA Plugin
                                                                                                                    • Snapshot File: hcaresult_16_2_25f2e430000_firefox.jbxd
                                                                                                                    Similarity
                                                                                                                    • API ID: InformationQuerySystem
                                                                                                                    • String ID: #$#$#$4$>$>$>$A$z$z
                                                                                                                    • API String ID: 3562636166-3072146587
                                                                                                                    • Opcode ID: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                                                                                                    • Instruction ID: 0298851d762805f69dffc7cdbf074f30e84cc7c590051992e9f475604216ff18
                                                                                                                    • Opcode Fuzzy Hash: a7beeb6ed6d4bd1c13836e24e4a4bf8602c8d7752103ee20adf8d6ea9f6b849f
                                                                                                                    • Instruction Fuzzy Hash: 51A3E231618E498BDB6DDF18DC856B973E5FB94301F24423EDD4AC7245EF38EA028A85